General

  • Target

    2b4e54af556badc27f08c9a966dd55f090f4a5ef8978793e0ba296b05ddfb242.exe

  • Size

    113KB

  • Sample

    241102-s8ab2sybrd

  • MD5

    00345de133a4d119eacc29fb87f648e9

  • SHA1

    63b3f141071e71d39866d7a4bd204b2b8615080d

  • SHA256

    2b4e54af556badc27f08c9a966dd55f090f4a5ef8978793e0ba296b05ddfb242

  • SHA512

    f44554716ca9b88ef9823508947b9756774c93888308fc4aad892db99cc3373e45013f7ad6d188fef608404a9d94e22c79c6dad6021ae3c7c3c6bcb21db3824a

  • SSDEEP

    1536:h0jP7/L1B5rVmN8sxHv2M28ix8EUaJxWZoB4u0OVE01:K1VmhaH8EFvW+0OVE0

Malware Config

Extracted

Family

warzonerat

C2

chromedata.accesscam.org:5221

Targets

    • Target

      2b4e54af556badc27f08c9a966dd55f090f4a5ef8978793e0ba296b05ddfb242.exe

    • Size

      113KB

    • MD5

      00345de133a4d119eacc29fb87f648e9

    • SHA1

      63b3f141071e71d39866d7a4bd204b2b8615080d

    • SHA256

      2b4e54af556badc27f08c9a966dd55f090f4a5ef8978793e0ba296b05ddfb242

    • SHA512

      f44554716ca9b88ef9823508947b9756774c93888308fc4aad892db99cc3373e45013f7ad6d188fef608404a9d94e22c79c6dad6021ae3c7c3c6bcb21db3824a

    • SSDEEP

      1536:h0jP7/L1B5rVmN8sxHv2M28ix8EUaJxWZoB4u0OVE01:K1VmhaH8EFvW+0OVE0

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzonerat family

    • Warzone RAT payload

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks