General

  • Target

    391c3bc7f5534306976f645db21ff085.exe

  • Size

    473KB

  • Sample

    210727-zy711adele

  • MD5

    391c3bc7f5534306976f645db21ff085

  • SHA1

    4b20940c605a93eef2de9853a180431165e7e16d

  • SHA256

    0618cbdf54ff6529c1e7b1c97242d8e9ec85cf8a4bb29cc3244743d200479a87

  • SHA512

    762f8369307823f94d3fce0c8b76bbeaeb44841cb8a0a442db2586485a24ae5821c2d9136f24ab28a04df93bdf42f8c8745fe502dc990cbb04b759b4640dfaee

Malware Config

Extracted

Family

warzonerat

C2

ghjklhgteg.strangled.net:6703

Targets

    • Target

      391c3bc7f5534306976f645db21ff085.exe

    • Size

      473KB

    • MD5

      391c3bc7f5534306976f645db21ff085

    • SHA1

      4b20940c605a93eef2de9853a180431165e7e16d

    • SHA256

      0618cbdf54ff6529c1e7b1c97242d8e9ec85cf8a4bb29cc3244743d200479a87

    • SHA512

      762f8369307823f94d3fce0c8b76bbeaeb44841cb8a0a442db2586485a24ae5821c2d9136f24ab28a04df93bdf42f8c8745fe502dc990cbb04b759b4640dfaee

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks