General

  • Target

    SecuriteInfo.com.Win32.RATX-gen.3212.5858.exe

  • Size

    60KB

  • Sample

    221201-d2hyaaah26

  • MD5

    8c4b7521e74a3960a77f70f53179670e

  • SHA1

    c775546bdb0e2d4401e391d075cfcc0b863c8774

  • SHA256

    cea6d4fbb54e357c9c62deab33a97e5e94b91f7f95a39a6e5daf5dd69133b6d7

  • SHA512

    c683bb89b0301f330a22609c4b810c241a63964c53f4c9ae544f89d356009977714e70d8b9481bc89055c760a0a6de45dbe5b9d55ab3b432b71ddad1e643e1a7

  • SSDEEP

    1536:/iyl1nZJJMZ4jTjx6WZG/YGcO/R4UMz5Tu:/iybnBGc1u

Malware Config

Targets

    • Target

      SecuriteInfo.com.Win32.RATX-gen.3212.5858.exe

    • WarzoneRat, AveMaria

      Warzone RAT (also tracked as AveMaria) is a native Windows RAT written in C++ and sold as malware-as-a-service (MaaS), with optional plugins that extend the core remote-access functionality.

    • Warzone RAT payload

    • Drops startup file

      Writes a file into a Startup location so the payload is relaunched at logon (persistence).

    • Suspicious use of SetThreadContext

      SetThreadContext on another process's suspended thread is the classic way to redirect execution into injected code (process hollowing / thread hijacking); it is rarely used by benign software and is a useful detection hook.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                  ID      Count
  Defense Evasion  Install Root Certificate   T1130   1
  Defense Evasion  Modify Registry            T1112   1
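The three behaviours the report flags (a dropped startup file, a root certificate install under T1130 and a registry change under T1112) are the ones a responder would check first on a host suspected of running this sample. The following host-triage script is an added example for this page, not part of the sandbox report or of any tooling associated with the sample. It assumes a Windows host with PowerShell 5.1 or later and read access to HKLM, HKCU and the certificate stores; the $LookbackDays window is an assumed default that should be set from the incident timeline.

```powershell
# Added triage script (not from the sandbox report). Assumes Windows with
# PowerShell 5.1+ and read access to HKLM/HKCU and the Cert: drive.
# Checks the three behaviours listed in the report: a dropped startup file,
# a root certificate install (T1130) and Run-key persistence (T1112).
# $LookbackDays is an assumed default; set it from the incident timeline.
param([int]$LookbackDays = 7)

$since = (Get-Date).AddDays(-$LookbackDays)

# 1. Startup folders (per-user and all-users): files written inside the window.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
$startupHits = foreach ($dir in $startupDirs) {
    if (Test-Path $dir) {
        Get-ChildItem -Path $dir -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -ge $since } |
            Select-Object FullName, LastWriteTime, Length
    }
}

# 2. Run / RunOnce keys in HKCU and HKLM (registry persistence, T1112).
#    Every value is listed; the reviewer decides which command paths are unexpected.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$runHits = foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the provider metadata properties (PSPath, PSParentPath, ...).
            if ($p.Name -notmatch '^PS') {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
            }
        }
    }
}

# 3. Root stores (T1130): a root generated and installed by malware normally has a
#    NotBefore close to the infection date, whereas legitimate CA roots are years old.
#    The stores do not record install time, so validity start is used as the proxy.
$certHits = foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.NotBefore -ge $since } |
        Select-Object PSParentPath, Subject, Thumbprint, NotBefore, NotAfter
}

"== Startup folder files modified since $since =="
$startupHits | Format-Table -AutoSize
"== Run/RunOnce entries (review each command path) =="
$runHits | Format-Table -AutoSize
"== Root certificates with NotBefore since $since =="
$certHits | Format-Table -AutoSize
```

Run it as an administrator so the HKLM and LocalMachine stores are readable; any root certificate it lists should be compared against the organisation's known trust anchors before being removed, and any Run entry pointing at a user-writable path (AppData, Temp, the Startup folder itself) should be hashed and checked against the SHA256 given in this report.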

Tasks