General

  • Target

    Warzone-rat.rar

  • Size

    23.6MB

  • Sample

    230401-jabmsagf78

  • MD5

    404a91c5d198834ef82f65e6ea85f710

  • SHA1

    e7a7d3dc2264e9b4c2fcbc96aee1af2b175d359e

  • SHA256

    58108a5be8fcc931b9473d09d255d48798c4237e616fadd664a9dca8a3a10fe1

  • SHA512

    0fb7f67583ee43486b51db07032d54ce1436d852779cf203b6a0d5f082c88847cf06d94d9b73374a419f4fa9e58562e97e3a78619683a85c4bd8d3be8d457b46

  • SSDEEP

    393216:CSvHwPtf84mEG8hs1knCOhlMbDAmdFNm5SRlzAc12IzdPhNxojE:5QlNmh2COAbvgSTPIIzdZNSjE

Malware Config

Extracted

Family

warzonerat

C2

141.98.6.154:5555

Targets

    • Target

      WARZONE-RAT 3.03 Cracked.exe

    • Size

      14.2MB

    • MD5

      77348fe522de806874e19144787e2b2f

    • SHA1

      0927972afeddf3cf11dbd23c67861c10d6f6512f

    • SHA256

      dd1695b579dd1b5033d8efc69501e0c29bd324dcfb70bc4e4930a68028b7bcda

    • SHA512

      7c4c7596cae42eae214e42341cb31d241bcbf7834f81df60675297e2eb06aec6f520cf33966e8a941d44e880622c8cb478e4a60b16baf2dc80dacc5b86271fe4

    • SSDEEP

      393216:1knCOhlMbDAmdFNm5SRlzAc12IzdPhNxoj:12COAbvgSTPIIzdZNSj

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as MaaS.

    • Warzone RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
