General

  • Target

    d36f8c241d9a1108b89f183fa836189fdba30cc9d139d9413488a5488779be0a

  • Size

    289KB

  • Sample

    240831-svwccs1bqk

  • MD5

    33b103fea9e7905f7183849d5ee33bca

  • SHA1

    780235967dbd61d6d81463fd938b6d1dea4cb19b

  • SHA256

    d36f8c241d9a1108b89f183fa836189fdba30cc9d139d9413488a5488779be0a

  • SHA512

    5d437afaac309eb613beda9407b5fb1bff5b78461dfdca0c98b12a2efd6a6a19170ea3c33f4c5cfa4f0faf9ca7f276ed21101488581e704f6bb7d8a18bed2d99

  • SSDEEP

    6144:Pmh4m10hxTHnIbjNsu5WpJ9d97T8eXm6cOhwpQj0QbF8dMgeCY50D5y:O+vnIHuucR7T8Kxhp0bMDCY50g

Malware Config

Extracted

  • Family

    warzonerat

  • C2

    185.222.57.253:4782

Targets

    • Target

      a9e7c2dc8fbd35ddb3a0c05cf48287689069060fa04fd5116587333f16db114d

    • Size

      500KB

    • MD5

      c62f20b4769e858cffa6f57c1389810c

    • SHA1

      e124134e6de16c1c629b195461e77e0f05155289

    • SHA256

      a9e7c2dc8fbd35ddb3a0c05cf48287689069060fa04fd5116587333f16db114d

    • SHA512

      14076c4230db38bfa055d0d5f73d46e46a7567fa1ae87b028e29c779832ad9818f30e50e78571622cc9ae75516f31d919097848d06ea3ad8779cd52b0e15468e

    • SSDEEP

      6144:bYRc5m80dO+390vGOnjaOThdzF1t4K6MWfSU2BRMer/:0RpBt0PnN+KhySBBRMer/

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT written in C++, with multiple plugins, sold as malware-as-a-service (MaaS).

    • Warzone RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks