General

  • Target

    Serne.zip

  • Size

    9KB

  • Sample

    230331-l9ngqsaf8w

  • MD5

    afbea5c5baef0eb7a49207c5bf656704

  • SHA1

    2d9fe811a75baacb60e15ed0ebf4d8db59807b9d

  • SHA256

    6f43eb8e121bbd2dc669661b0fa30917439daae9a5844bbc704e44a0f749359e

  • SHA512

    d7b02168f47d1e4e0ffe8653bf05c34bab77a592db50a4dd086fe57c2d1d03c686fb5687d59e32e83dd8226ed8e12f4f69034f0b0419f249a2257f8f3ef770de

  • SSDEEP

    192:VE+DFfNe5fvam0TZQbEvRdp/fiTFJjzq9p5g0DVhCZqXphROP+6Q7k9Bw7oC:ZFg5nCZQbEFiTFNzO5g0OZqZhF6Q7qBG

Malware Config

Extracted

Family

warzonerat

C2

95.214.24.231:65535

Targets

    • Target

      Serne.exe

    • Size

      21KB

    • MD5

      2469c5e13fb61f3d7c2ec99980506390

    • SHA1

      17d77e0e0a6a9e0b7a215585dd3abc93d45ad081

    • SHA256

      885ee8e9a14478858c45bbd9ec9b7638237df7b97bc9c016479a329b8d09eb02

    • SHA512

      35e0cb410e943e48e4b7b8443973095f7ff64526ad88ffe985036985b16d3ab1223bac9aefb4f4e68a5cb5683f4cc5adf42d3bad139c8f585273b5d6e87ebefa

    • SSDEEP

      384:mek3VcvQZaBtk2mQ4LquufMlmX4hirnmBag+S8ucdMEwvIKzjMq/XeNxhbcrdODB:meEcvQZaPk2J4hufMlmX4hirnmBx+SIk

    • WarzoneRat, AveMaria

      WarzoneRat (also tracked as AveMaria) is a native RAT written in C++ that ships with multiple plugins and is sold as malware-as-a-service (MaaS).

    • Warzone RAT payload

    • Drops startup file (writes a file into a startup location so the payload runs again at logon)

    • Suspicious use of SetThreadContext (the API used to redirect a suspended thread's execution, a common step in process hollowing and thread hijacking)
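
The report gives two kinds of indicators a responder can act on straight away: the hash set for Serne.zip and Serne.exe, and the extracted C2 endpoint 95.214.24.231:65535. The following is an added example, not sandbox output or WarzoneRAT code, that hashes files against those digests and sweeps connection logs for the C2. The IOC values are copied from the report; the log lines, the `src:port -> dst:port` format and the 203.0.113.10 address are constructed for the example.

```python
"""Added example for this report (not sandbox output or WarzoneRAT code):
hash a file and compare it against the report's IOC digests, and sweep
connection logs for the extracted C2 endpoint."""
import hashlib
import re

# Hash IOCs copied from the report's General and Targets sections.
IOC_HASHES = {
    "Serne.zip": {
        "md5": "afbea5c5baef0eb7a49207c5bf656704",
        "sha1": "2d9fe811a75baacb60e15ed0ebf4d8db59807b9d",
        "sha256": "6f43eb8e121bbd2dc669661b0fa30917439daae9a5844bbc704e44a0f749359e",
    },
    "Serne.exe": {
        "md5": "2469c5e13fb61f3d7c2ec99980506390",
        "sha1": "17d77e0e0a6a9e0b7a215585dd3abc93d45ad081",
        "sha256": "885ee8e9a14478858c45bbd9ec9b7638237df7b97bc9c016479a329b8d09eb02",
    },
}

# WarzoneRAT C2 from the report's Malware Config section.
C2_IP = "95.214.24.231"
C2_PORT = 65535


def digests(data: bytes) -> dict:
    """MD5, SHA1 and SHA256 of a byte string, lower-case hex like the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str) -> dict:
    """Stream a file through all three digests at once (handles large files)."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(computed: dict) -> dict:
    """Map IOC name -> list of digest types that matched.
    A SHA256 hit is conclusive; an MD5- or SHA1-only hit deserves a second
    look, since both algorithms have practical collisions."""
    hits = {}
    for name, ioc in IOC_HASHES.items():
        matched = [alg for alg, value in ioc.items() if computed.get(alg) == value]
        if matched:
            hits[name] = matched
    return hits


# Generic "src:port -> dst:port" pattern, as found in many firewall/proxy logs.
CONN_RE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)


def find_c2_connections(log_lines) -> list:
    """Return one record per line whose destination is the C2 address.
    'exact' is True when the port also matches 65535; IP-only hits are still
    reported because the same host may serve other ports over time."""
    hits = []
    for line in log_lines:
        m = CONN_RE.search(line)
        if m and m["dst"] == C2_IP:
            hits.append({
                "src": m["src"],
                "sport": int(m["sport"]),
                "dport": int(m["dport"]),
                "exact": int(m["dport"]) == C2_PORT,
            })
    return hits


# Constructed sample log lines (not from the report); 203.0.113.10 is a
# documentation address standing in for benign traffic.
SAMPLE_CONN_LOG = [
    "2023-03-31T09:14:02Z ALLOW TCP 10.20.4.17:49811 -> 203.0.113.10:443",
    "2023-03-31T09:14:05Z ALLOW TCP 10.20.4.17:49815 -> 95.214.24.231:65535",
    "2023-03-31T09:14:09Z ALLOW UDP 10.20.4.17:53124 -> 10.20.0.2:53",
    "2023-03-31T09:14:11Z ALLOW TCP 10.20.4.31:51202 -> 95.214.24.231:443",
]

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, match_iocs(hash_file(path)) or "no IOC match")
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print("C2 contact:", hit)
```

Run it with one or more file paths to hash them against the report's digests; the log sweep over the constructed lines reports 10.20.4.17 as an exact C2 contact and 10.20.4.31 as an IP-only hit on port 443. Two caveats worth keeping in mind: hash matching only catches this exact build, so a repacked Serne.exe slips past it, and a C2 on port 65535 is unusual enough that the port itself is a useful hunting pivot, but the operator can rotate it, which is why IP-only hits are not discarded.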

MITRE ATT&CK Enterprise v6

Tasks