Overview

overview

10

Static

static

10

0f071228e6...0N.exe

windows7-x64

10

0f071228e6...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0f071228e6bd82c59d5cc5f5c55760e0N.exe

  • Size

    2.9MB

  • Sample

    240724-z4rh4azhld

  • MD5

    0f071228e6bd82c59d5cc5f5c55760e0

  • SHA1

    021dfa89d56f9da4761dcd0a7153bba40d08db9a

  • SHA256

    ad71f7b66ed6676b7916a30197d92a71d5762fbe5b41934bf85b584354ef65d5

  • SHA512

    8af4c3d40e47198077598bce925dbbce2923b927aa48e87081b067a4878dea3673a3230dcdbe48d802c4493cf8eb11f5b7199345155a847809688396f549bd33

  • SSDEEP

    24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHG:7v97AXmw4gxeOw46fUbNecCCFbNecv

Score
10/10
warzoneratdiscoveryinfostealerpersistencerat

Malware Config

Targets

    • Target

      0f071228e6bd82c59d5cc5f5c55760e0N.exe

    • Size

      2.9MB

    • MD5

      0f071228e6bd82c59d5cc5f5c55760e0

    • SHA1

      021dfa89d56f9da4761dcd0a7153bba40d08db9a

    • SHA256

      ad71f7b66ed6676b7916a30197d92a71d5762fbe5b41934bf85b584354ef65d5

    • SHA512

      8af4c3d40e47198077598bce925dbbce2923b927aa48e87081b067a4878dea3673a3230dcdbe48d802c4493cf8eb11f5b7199345155a847809688396f549bd33

    • SSDEEP

      24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHG:7v97AXmw4gxeOw46fUbNecCCFbNecv

    Score
    10/10
    warzoneratdiscoveryinfostealerpersistencerat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT payload

      rat

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks