General

  • Size: 131KB
  • Sample: 220728-tvr6dahhbn
  • MD5: 608dc7fbe2dff9f8e3369cf42cc9d14f
  • SHA1: 43af1c4d81b86341e14d034e8a2bfebc284856e0
  • SHA256: 6d728c9e4c26986174ff5e7eb8d8aa494cf173a3f7dad211d21fa106eb354d1a
  • SHA512: 1a39e04e7f5fd6e11330641d02b24a424df4363ae6589cc15eb7043cd2abf9de9064ae77274ef7fed8803e6660bb118f24b664d1d7c86e9f5c1a4393aecda62b

Malware Config

Extracted

  • Family: warzonerat
  • C2: 192.168.1.2:5200

Targets

  • Target: 608dc7fbe2dff9f8e3369cf42cc9d14f.exe
  • Size: 131KB
  • MD5: 608dc7fbe2dff9f8e3369cf42cc9d14f
  • SHA1: 43af1c4d81b86341e14d034e8a2bfebc284856e0
  • SHA256: 6d728c9e4c26986174ff5e7eb8d8aa494cf173a3f7dad211d21fa106eb354d1a
  • SHA512: 1a39e04e7f5fd6e11330641d02b24a424df4363ae6589cc15eb7043cd2abf9de9064ae77274ef7fed8803e6660bb118f24b664d1d7c86e9f5c1a4393aecda62b
  • Signature: WarzoneRat, AveMaria

    WarzoneRat is a native RAT written in C++ with multiple plugins, sold as Malware-as-a-Service (MaaS).

MITRE ATT&CK Matrix

Tactic columns (no techniques listed in this report): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation