General

  • Target

    csrss.exe

  • Size

    1.1MB

  • Sample

    230223-a5kphagb2s

  • MD5

    3bd3749e27043d48442c3a39f5ef9169

  • SHA1

    38272041806c32059abf77a7be2a16dc0e11f87d

  • SHA256

    ad6da80b71b6f6b0fb61a7dbc4db54a5edce463c8a925f5ca04cd8baec44473c

  • SHA512

    637a3a050dee1403b609914e1fb8c4ebc7520e9d5b3d374f9419ade8ca7d34cf9cae195dcdcbe691a94a2d0680cb9dc4f6c8d36c56ac8501fb0ec667b95364af

  • SSDEEP

    24576:i/UQbNqF6Ka2TDAC2OnpB9DoRFRnv4pCtcu:iJJqHdnAxep3k3n

Malware Config

Extracted

  • Family

    warzonerat

  • C2

    195.133.40.92:5200

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT written in C++ with multiple plugins, sold as malware-as-a-service (MaaS).

    • Suspicious use of SetThreadContext
