Overview

overview

10

Static

static

10

090abff06e...1f.exe

windows7-x64

10

090abff06e...1f.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    090abff06e171472179e3346d8a35718acb8203afb90da2a84520dcf780c531f.exe

  • Size

    8.2MB

  • Sample

    241119-wak8faymht

  • MD5

    e256f28d9adc239470a8c0ec2ca65c0c

  • SHA1

    acedb1182ca93f2b11a5f60ae311c22357059a2d

  • SHA256

    090abff06e171472179e3346d8a35718acb8203afb90da2a84520dcf780c531f

  • SHA512

    183d1dfd61c995b204714506966c9df57d83a6d35685376ccd1561e3017ee0e0e80a1faacdbc8bec52b9075ab9355763e382474409e3bbb7e5cd5c57a75ab879

  • SSDEEP

    49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecN:V8e8e8f8e8e8K

Score
10/10
warzonerataspackv2discoveryinfostealerpersistencerat

Malware Config

Targets

    • Target

      090abff06e171472179e3346d8a35718acb8203afb90da2a84520dcf780c531f.exe

    • Size

      8.2MB

    • MD5

      e256f28d9adc239470a8c0ec2ca65c0c

    • SHA1

      acedb1182ca93f2b11a5f60ae311c22357059a2d

    • SHA256

      090abff06e171472179e3346d8a35718acb8203afb90da2a84520dcf780c531f

    • SHA512

      183d1dfd61c995b204714506966c9df57d83a6d35685376ccd1561e3017ee0e0e80a1faacdbc8bec52b9075ab9355763e382474409e3bbb7e5cd5c57a75ab879

    • SSDEEP

      49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecN:V8e8e8f8e8e8K

    Score
    10/10
    warzoneratdiscoveryinfostealerpersistencerat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzonerat family

      warzonerat

    • Warzone RAT payload

      rat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks