General

  • Target

    b2b023679cca197b057144f1f73956271374f1c721f13ec334bec6c694e84816

  • Size

    141KB

  • Sample

    230227-2pf5xsgc24

  • MD5

    b60297a15ff87e458a22b442fcbb4c6c

  • SHA1

    5ca5e00692512d7c9af60a7251dc11cea0f2c613

  • SHA256

    b2b023679cca197b057144f1f73956271374f1c721f13ec334bec6c694e84816

  • SHA512

    6e37e3c6630cd04dcfcd42fed5d49cdb0221b86dbcfb83551de500a91d233545439eca2f9b419fe95ea693ce15e7a729c0f5d0021c20b6a435b8356d36594ded

  • SSDEEP

    3072:RARHROub6IiZktM+t4B6IZeAzaZyJ6QYzHHxgGT0Iw:RkxbQktMo4BRiyjYz6GTrw

Malware Config

Extracted

Family

warzonerat

C2

none0468.ddns.net:5000

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
