95a82f3eb6b4bfab230779e4e8afe42f

General
Target

95a82f3eb6b4bfab230779e4e8afe42f

Size

481KB

Sample

210727-4wt2nga6d6

Score
10 /10
MD5

95a82f3eb6b4bfab230779e4e8afe42f

SHA1

02dede5b6fd16a83a91066fa418baaed85a96bf8

SHA256

e51033b63bf3a77604f76f2b863b0dc1f4c86d936c807c0201ea4c24950b91a2

SHA512

24342eb4ccb2800941eda0f6e1a4ce7af1664872aeeee00db988786cb7203a632770d577fa92126832f8a247881e1602eb73a08f071178bad35c9909f6d78ba1

Malware Config

Extracted

Family warzonerat
C2

byx.z86.ru:5200

Targets
Target

95a82f3eb6b4bfab230779e4e8afe42f

MD5

95a82f3eb6b4bfab230779e4e8afe42f

Filesize

481KB

Score
10 /10
SHA1

02dede5b6fd16a83a91066fa418baaed85a96bf8

SHA256

e51033b63bf3a77604f76f2b863b0dc1f4c86d936c807c0201ea4c24950b91a2

SHA512

24342eb4ccb2800941eda0f6e1a4ce7af1664872aeeee00db988786cb7203a632770d577fa92126832f8a247881e1602eb73a08f071178bad35c9909f6d78ba1

Tags

Signatures

  • WarzoneRat, AveMaria

    Description

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    Tags

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10

                          behavioral2

                          10/10