General

  • Target

    cac1c584865dc768d05e0252e96ae2101e3dcee23f0cfcac4c19ef56b9ff4fe5

  • Size

    1.2MB

  • Sample

    230328-kk6fksbf7s

  • MD5

    8e735a4900673cdc83e38a3cf2a97e6e

  • SHA1

    c9295752d06bf81ad03c6b9790126f91a18bf6cf

  • SHA256

    cac1c584865dc768d05e0252e96ae2101e3dcee23f0cfcac4c19ef56b9ff4fe5

  • SHA512

    d99ac448318eef34ce0bf6483a9926330aa3931e3f173ab8d46ef60b5bab27e849483e9fcbc8b699cd3fa698f7199a1e4a91beadafb7ee41565b04f36754ef00

  • SSDEEP

    24576:qhXCYZNjSPZ8wMRbZOKK0CHTXrP3I2IvrrP3bfvFYlLEs2m:qhP3jxSdH7r422rTmesd

Malware Config

Extracted

Family

warzonerat

C2

buy.teamviewsoft.com:80

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Drops startup file

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • System Information Discovery (T1082): 1

Tasks