391c3bc7f5534306976f645db21ff085.exe

General
Target: 391c3bc7f5534306976f645db21ff085.exe
Size: 473KB
Sample: 210727-zy711adele
Score: 10/10
MD5: 391c3bc7f5534306976f645db21ff085
SHA1: 4b20940c605a93eef2de9853a180431165e7e16d
SHA256: 0618cbdf54ff6529c1e7b1c97242d8e9ec85cf8a4bb29cc3244743d200479a87
SHA512: 762f8369307823f94d3fce0c8b76bbeaeb44841cb8a0a442db2586485a24ae5821c2d9136f24ab28a04df93bdf42f8c8745fe502dc990cbb04b759b4640dfaee

Malware Config (extracted)
Family: warzonerat
C2: ghjklhgteg.strangled.net:6703
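The hashes and the extracted C2 above are the indicators a responder would push into telemetry. The following is an added example, not part of the sandbox report or of any analysis tooling: it matches those indicators against a handful of constructed, Sysmon-style events (EventID 1 process creation with a Hashes field, EventID 3 network connection with DestinationHostname/DestinationPort). The space-separated key=value line format is a hypothetical simplification; real Sysmon events arrive as XML or JSON and field values may contain spaces.

```python
"""Match the report's IOCs against constructed Sysmon-style event lines.

Added example: the indicator values come from the report above; the event
lines are CONSTRUCTED for illustration, not real telemetry.
"""
import re
from typing import Dict, List, Tuple

# Indicators taken from the sandbox report
IOC_HASHES = {
    "md5": "391c3bc7f5534306976f645db21ff085",
    "sha1": "4b20940c605a93eef2de9853a180431165e7e16d",
    "sha256": "0618cbdf54ff6529c1e7b1c97242d8e9ec85cf8a4bb29cc3244743d200479a87",
}
C2_HOST = "ghjklhgteg.strangled.net"
C2_PORT = 6703

# Constructed events in a simplified "key=value key=value" rendering (hypothetical format).
# Hash case, hostname case and a trailing dot are varied on purpose to exercise normalisation.
SAMPLE_EVENTS = [
    r"EventID=1 Image=C:\Users\a\Downloads\invoice.exe Hashes=MD5=391C3BC7F5534306976F645DB21FF085,SHA256=0618CBDF54FF6529C1E7B1C97242D8E9EC85CF8A4BB29CC3244743D200479A87",
    r"EventID=3 Image=C:\Users\a\Downloads\invoice.exe DestinationHostname=ghjklhgteg.strangled.net DestinationPort=6703 Protocol=tcp",
    r"EventID=3 Image=C:\Windows\System32\svchost.exe DestinationHostname=update.example.net DestinationPort=443 Protocol=tcp",
    r"EventID=1 Image=C:\Windows\notepad.exe Hashes=SHA256=aaaa",
    r"EventID=3 Image=C:\Users\a\AppData\Local\Temp\x.exe DestinationHostname=GHJKLHGTEG.STRANGLED.NET. DestinationPort=80 Protocol=tcp",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> Dict[str, str]:
    """Parse one key=value line. Values must not contain spaces (simplification)."""
    return dict(KV_RE.findall(line))


def parse_hashes(field: str) -> Dict[str, str]:
    """Turn 'MD5=..,SHA256=..' into {'md5': '..', 'sha256': '..'} with lowercase hex."""
    out: Dict[str, str] = {}
    for part in field.split(","):
        alg, _, digest = part.partition("=")
        if digest:
            out[alg.lower()] = digest.lower()
    return out


def match_event(ev: Dict[str, str]) -> List[str]:
    """Return the IOC hits for one parsed event (empty list if none)."""
    hits: List[str] = []
    if ev.get("EventID") == "1" and "Hashes" in ev:
        for alg, digest in parse_hashes(ev["Hashes"]).items():
            if IOC_HASHES.get(alg) == digest:
                hits.append(f"hash:{alg}")
    if ev.get("EventID") == "3":
        # Hostnames are case-insensitive and may carry a trailing root dot.
        host = ev.get("DestinationHostname", "").lower().rstrip(".")
        if host == C2_HOST:
            # A host+port match reproduces the extracted config; a host-only match is
            # still worth a look, since the operator can change the port.
            port = ev.get("DestinationPort")
            hits.append("c2:host+port" if port == str(C2_PORT) else "c2:host-only")
    return hits


def scan(lines: List[str]) -> List[Tuple[int, List[str]]]:
    """Scan event lines; return (1-based line number, hits) for lines that matched."""
    results = []
    for n, line in enumerate(lines, 1):
        hits = match_event(parse_event(line))
        if hits:
            results.append((n, hits))
    return results


if __name__ == "__main__":
    for n, hits in scan(SAMPLE_EVENTS):
        print(f"line {n}: {', '.join(hits)}")
```

The hash indicators only catch this exact build; a repacked sample has different hashes but will usually keep the same C2, so the hostname is the more durable indicator, and the port on its own is not worth alerting on.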

Targets
Target: 391c3bc7f5534306976f645db21ff085.exe
Filesize: 473KB
Score: 10/10
MD5: 391c3bc7f5534306976f645db21ff085
SHA1: 4b20940c605a93eef2de9853a180431165e7e16d
SHA256: 0618cbdf54ff6529c1e7b1c97242d8e9ec85cf8a4bb29cc3244743d200479a87
SHA512: 762f8369307823f94d3fce0c8b76bbeaeb44841cb8a0a442db2586485a24ae5821c2d9136f24ab28a04df93bdf42f8c8745fe502dc990cbb04b759b4640dfaee

Signatures

  • WarzoneRat, AveMaria

    Description: WarzoneRat (also tracked as AveMaria) is a native RAT written in C++ with multiple plugins, sold as malware-as-a-service (MaaS).

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext (a common way to redirect execution inside a suspended process, as in process hollowing)

MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks
static1
behavioral1: 10/10
behavioral2: 10/10