General

  • Target

    a1d607403289b24c36ea8c40ebea62e6

  • Size

    579KB

  • Sample

    240224-pbvpyabb96

  • MD5

    a1d607403289b24c36ea8c40ebea62e6

  • SHA1

    566a72a522b9a387ac4340e469ace4a9eff18c30

  • SHA256

    1e67a3cf60838fed3422c381e1a5ea4ed25299c5ea361d98ded1321cb42ffd1c

  • SHA512

    872c3ddbcc4be1d5c8b838f3c9cfe8ce07853244cf90b468eeb2094ff23ae424864b76337bfe7484d2c2ab379b45ef6d062955b5285c50cf167d31698fc48a66

  • SSDEEP

    12288:oUOycCPEyAgcmFcvkrI9rzEs0sxD+ibZD74Djhe4/DIEVuHJub7U2RBVH:NOycpyAJTkEPEs0pibZ3ogeDI7Hkb7BZ

Malware Config

Extracted

Family

warzonerat

C2

185.19.85.155:1997

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application
