Overview

overview

10

Static

static

10

ce34a3da8d...db.exe

windows7-x64

10

ce34a3da8d...db.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ce34a3da8d759ee7d5132527a4e901ed0707f55b7c47c37a4788c256795297db.exe

  • Size

    8.9MB

  • Sample

    241124-w2srlaynek

  • MD5

    52f7b9e5d387e156587914f89a1ae8d6

  • SHA1

    ae3ee7a4cf8ee3c689d31f4fa470466033224275

  • SHA256

    ce34a3da8d759ee7d5132527a4e901ed0707f55b7c47c37a4788c256795297db

  • SHA512

    9145952f45eda6fa22754005f16dc392baf841e4ceadc610b197c315f0dbc9b5cdb35723fa1193efff391e4bab1e57fca5178eeba8be0cc3bef8e66df75d00da

  • SSDEEP

    49152:K1XP6rPbNechC0bNechC0bNecIC0bNechC0bNechC0bNecX:K1+8e8e8f8e8e8c

Score
10/10
warzoneratdiscoveryinfostealerpersistencerat

Malware Config

Targets

    • Target

      ce34a3da8d759ee7d5132527a4e901ed0707f55b7c47c37a4788c256795297db.exe

    • Size

      8.9MB

    • MD5

      52f7b9e5d387e156587914f89a1ae8d6

    • SHA1

      ae3ee7a4cf8ee3c689d31f4fa470466033224275

    • SHA256

      ce34a3da8d759ee7d5132527a4e901ed0707f55b7c47c37a4788c256795297db

    • SHA512

      9145952f45eda6fa22754005f16dc392baf841e4ceadc610b197c315f0dbc9b5cdb35723fa1193efff391e4bab1e57fca5178eeba8be0cc3bef8e66df75d00da

    • SSDEEP

      49152:K1XP6rPbNechC0bNechC0bNecIC0bNechC0bNechC0bNecX:K1+8e8e8f8e8e8c

    Score
    10/10
    warzoneratdiscoveryinfostealerpersistencerat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzonerat family

      warzonerat

    • Warzone RAT payload

      rat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks