svchost.exe

General
Target: svchost.exe
Size: 2MB
Sample: 210723-zrjp4l33jn
Score: 10/10
MD5: 91f690acfa88c901361ceeb29193b957
SHA1: f65a8c9860f424598f6fe3e93ae8a05b182087f5
SHA256: bc9f7802dd7825de6574c4eed585c53ab724a975d72b88f9871f477ea23a2716
SHA512: 9015d3e8e60f24e71fec3fcc37151d600adc7ac4503370efd0cba6033598cde59aecac6b9e7ba27150259ef18bd0e9bd95c625bd771130f39508880532294f96

Malware Config

Extracted

Family: warzonerat
C2: 111.90.149.108:5200

Targets
Target: svchost.exe
Filesize: 2MB
Score: 10/10
MD5: 91f690acfa88c901361ceeb29193b957
SHA1: f65a8c9860f424598f6fe3e93ae8a05b182087f5
SHA256: bc9f7802dd7825de6574c4eed585c53ab724a975d72b88f9871f477ea23a2716
SHA512: 9015d3e8e60f24e71fec3fcc37151d600adc7ac4503370efd0cba6033598cde59aecac6b9e7ba27150259ef18bd0e9bd95c625bd771130f39508880532294f96

Signatures

  • WarzoneRat, AveMaria

    Description: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as Malware-as-a-Service (MaaS).

  • Executes dropped EXE

  • Loads dropped DLL

MITRE ATT&CK Matrix
Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10