9e6b019dfbd2127debf97d9700db1efa

General
Target

9e6b019dfbd2127debf97d9700db1efa

Size

819KB

Sample

210915-hyetnsaaf9

Score
10 /10
MD5

9e6b019dfbd2127debf97d9700db1efa

SHA1

6dac4ba3a4a2eed8e8646b254d369a9ce36ac04e

SHA256

14b699de8b60b775bd609d8b07b70d0f1bbb850e75347d9b925e54c8dba68fd1

SHA512

a2775d7a2fc1263d90c9aa1b9a767196a37270637a26735307bc75b39a797b1cfe6d0a7d181958ab1253ce21b3ce74ace4fccc0701d564cb5abf88ad56e07f83

Malware Config

Extracted

Family warzonerat
C2

194.127.179.121:5010

Targets
Target

9e6b019dfbd2127debf97d9700db1efa

MD5

9e6b019dfbd2127debf97d9700db1efa

Filesize

819KB

Score
10 /10
SHA1

6dac4ba3a4a2eed8e8646b254d369a9ce36ac04e

SHA256

14b699de8b60b775bd609d8b07b70d0f1bbb850e75347d9b925e54c8dba68fd1

SHA512

a2775d7a2fc1263d90c9aa1b9a767196a37270637a26735307bc75b39a797b1cfe6d0a7d181958ab1253ce21b3ce74ace4fccc0701d564cb5abf88ad56e07f83

Tags

Signatures

  • ModiLoader, DBatLoader

    Description

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    Tags

  • WarzoneRat, AveMaria

    Description

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    Tags

  • Warzone RAT Payload

    Tags

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Privilege Escalation