Resubmissions

21-11-2024 22:43

241121-2na8aatjhr 10

21-06-2024 21:39

240621-1ht8jawdnm 10

02-05-2024 17:11

240502-vqc2bsda7z 10

04-08-2023 17:55

230804-whnnjadd72 10

16-05-2022 18:34

220516-w7szjsbgg7 10

General

  • Target

    Yeni sipari_WJO-001.exe

  • Size

    470KB

  • Sample

    230804-whnnjadd72

  • MD5

    fe24503eb81fabf579481d5054b74753

  • SHA1

    f279d3f02a1aed9da188e8bfcb41c3a0bd43fba1

  • SHA256

    404a176d0455a3e99b16c589caf58fcfec84d453d8ff0984222ecbc4ad0fefb1

  • SHA512

    b9a3f0ff9c4966296fc27be9d4dc2c0373dbd68884eb842d02615ccb24b868bc9edf61becc54f1625fc7799e4b370a833cb39352709de1c5ec9f762d93f26231

  • SSDEEP

    6144:ZTvIrqin80B3jwt05tBFGVEeOPPapTlg81t2/ceUwEt+O7rbeqE612J93Bj:oqix9wt0tNeOPwTlNt2/cKfu+q

Malware Config

Extracted

Family

warzonerat

C2

79.134.225.90:9757

Targets

    • Target

      Yeni sipari_WJO-001.exe

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Executes dropped EXE

    • Suspicious use of SetThreadContext
