General

  • Target

    Serne.exe

  • Size

    21KB

  • Sample

    230331-hn7rpsac2w

  • MD5

    2469c5e13fb61f3d7c2ec99980506390

  • SHA1

    17d77e0e0a6a9e0b7a215585dd3abc93d45ad081

  • SHA256

    885ee8e9a14478858c45bbd9ec9b7638237df7b97bc9c016479a329b8d09eb02

  • SHA512

    35e0cb410e943e48e4b7b8443973095f7ff64526ad88ffe985036985b16d3ab1223bac9aefb4f4e68a5cb5683f4cc5adf42d3bad139c8f585273b5d6e87ebefa

  • SSDEEP

    384:mek3VcvQZaBtk2mQ4LquufMlmX4hirnmBag+S8ucdMEwvIKzjMq/XeNxhbcrdODB:meEcvQZaPk2J4hufMlmX4hirnmBx+SIk

Malware Config

Extracted

  • Family

    warzonerat

  • C2

    95.214.24.231:65535

Targets

    • Target

      Serne.exe


    • WarzoneRat, AveMaria

      WarzoneRat (also tracked as AveMaria) is a native RAT written in C++ with multiple plugins, sold as Malware-as-a-Service (MaaS).

    • Warzone RAT payload

    • Drops startup file

    • Suspicious use of SetThreadContext
