General

  • Target

    RFQ scope of requirements.js

  • Size

    2KB

  • Sample

    221129-t2nrjafa82

  • MD5

    84ae648af28a2f5acd3c67fabde24615

  • SHA1

    45a9a2ddd9b5d8fedd6c5767cdb0bafb95c6d72b

  • SHA256

    c3db9d461440908e3278fda059adb00e9f546a3dd8dd38f80a6cee93372ae15d

  • SHA512

    7262173a3d69a54489b57087380e056b4f789343e9e0fe58efc5d0efbe1f166df44360bf1f9a2dba96b04afc5cac272cb3b262bd1eeda1c347131fa2db38468d

Targets

    • Target

      RFQ scope of requirements.js

    • WarzoneRat, AveMaria

      WarzoneRat (also tracked as AveMaria) is a native RAT written in C++ with multiple plugins, sold as malware-as-a-service (MaaS).

    • Warzone RAT payload

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

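The last signature above, "Suspicious use of SetThreadContext", is the classic sign of a thread being redirected into code written into a child process created suspended. The following is an added example of how such a sandbox signature can be implemented; it is not the sandbox's own rule and not this sample's real API trace. The log format, the field names and the trace itself are constructed for the example, and process handles are simplified to process IDs.

```python
"""Added example: a toy sandbox signature for 'Suspicious use of SetThreadContext'.

Heuristic (assumption, not the sandbox's documented rule): flag a caller that
creates a child with CREATE_SUSPENDED, writes into that child's memory, and
then calls SetThreadContext on the child's primary thread.
"""
import re

CREATE_SUSPENDED = 0x00000004  # documented Win32 dwCreationFlags bit

# Constructed API-call log in a simple "pid Api(arg=value, ...)" format.
# Handles are simplified to the pid/tid they refer to.
SAMPLE_TRACE = """\
1234 CreateProcessW(lpApplicationName=C:\\Windows\\System32\\notepad.exe, dwCreationFlags=0x4, dwProcessId=5678, dwThreadId=5679)
1234 VirtualAllocEx(hProcess=5678, dwSize=0x12000, flProtect=0x40)
1234 WriteProcessMemory(hProcess=5678, nSize=0x12000)
1234 SetThreadContext(hThread=5679)
1234 ResumeThread(hThread=5679)
2222 CreateProcessW(lpApplicationName=C:\\Windows\\System32\\cmd.exe, dwCreationFlags=0x0, dwProcessId=3333, dwThreadId=3334)
2222 SetThreadContext(hThread=3334)
"""

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$")


def parse_line(line):
    """Parse one trace line into (pid, api, {arg: value}); None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    args = {}
    for part in m.group("args").split(", "):
        if "=" in part:
            key, value = part.split("=", 1)
            args[key] = value
    return int(m.group("pid")), m.group("api"), args


def detect_set_thread_context(trace):
    """Return [(caller_pid, child_pid)] for every hollowing-style sequence.

    Only SetThreadContext calls that target a thread of a process created
    suspended AND already written to are reported; a bare SetThreadContext
    (second process in SAMPLE_TRACE) is not enough on its own.
    """
    suspended = {}   # thread id -> child pid created with CREATE_SUSPENDED
    written = set()  # child pids that received WriteProcessMemory
    hits = []
    for line in trace.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        pid, api, args = parsed
        if api in ("CreateProcessW", "CreateProcessA"):
            flags = int(args.get("dwCreationFlags", "0x0"), 16)
            if flags & CREATE_SUSPENDED:
                suspended[int(args["dwThreadId"])] = int(args["dwProcessId"])
        elif api == "WriteProcessMemory":
            written.add(int(args["hProcess"]))
        elif api == "SetThreadContext":
            child = suspended.get(int(args["hThread"]))
            if child is not None and child in written:
                hits.append((pid, child))
    return hits


if __name__ == "__main__":
    for caller, child in detect_set_thread_context(SAMPLE_TRACE):
        print(f"Suspicious use of SetThreadContext: pid {caller} -> child {child}")
```

Requiring the suspended-creation and WriteProcessMemory preconditions is what keeps the rule from firing on debuggers and other legitimate callers of SetThreadContext; the second process in the constructed trace shows that case being ignored.
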
MITRE ATT&CK Matrix ATT&CK v6

  Tactic           Technique                      Count  ID
  Defense Evasion  Modify Registry                1      T1112
  Discovery        System Information Discovery   1      T1082
