General

  • Target

    a5e1427e2f611e0515ec99807fa7b834

  • Size

    791KB

  • Sample

    240226-j92m9aha87

  • MD5

    a5e1427e2f611e0515ec99807fa7b834

  • SHA1

    dd5f391aee202ac68946e228b2100c71c5fbd6fd

  • SHA256

    d1b4cda598b802db11e479ca1e796fdec405955ea2fa83f47458711204249a2f

  • SHA512

    7cfc6c16bf4ba119087c1bf187fa57a69eb87e0709fc20bd3a84a56d757313da9a51d821b0b6d82b0144cc5194e6a228ac3a2a51b62fb1458cdcff990f19e9fe

  • SSDEEP

    12288:KTBD8U/hOk0EB1XVkLiMZ5AbtRztk1KGl010fMB9Igu9j:7A75XIb5AbtR3G5fMB9C9

Malware Config

Extracted

Family

warzonerat

C2

ugob.ddns.net:5200

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Suspicious use of SetThreadContext
