General

  • Target

    a2505771bff64c29c18bedf76057a991

  • Size

    233KB

  • Sample

    240224-vrgqxahb95

  • MD5

    a2505771bff64c29c18bedf76057a991

  • SHA1

    6c50a877663ec93e8822b69099a207551cd320df

  • SHA256

    d001a4f1099b5dbff889d96e6bbed73b9908804699c120ee5c14db5d2314fb2c

  • SHA512

    d7b8c31ebb0c7daa5e368343a8def58892c954ea930d0d1541dcc1a1b7c20d0ac7d885168cb4d0faaa1fc3960b3cfedcf00b3e90ec554ec7678c159c7a7a66db

  • SSDEEP

    3072:sWel0xgPKcfk6l6mmXOF/aGygjGHpZLzxJ0wTGMAPnlmUHm8C2obEG91QxZb342y:sWvY6m0/GGJZLzxZTTyJGXEGAY

Malware Config

Extracted

Family

warzonerat

C2

178.170.138.163:4554

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Suspicious use of SetThreadContext
