General
-
Target
steamupdater.exe
-
Size
132KB
-
Sample
241203-h9s6favqav
-
MD5
ae272da48f63b0c97b06f92f00f4ff3e
-
SHA1
a6c26a2de3abaefb120845ae642001948a25b141
-
SHA256
1a8da2a01c3fdd2d155b6ed685818988bd980f94b7f4eff3011a88bac8baaff7
-
SHA512
345c2ba95aa64d7dbea7b912ee8005211c4bf259634dca803ccd55b2b2176929e4fc2c2482462c733abbd8c9c9fec2c3ceb8e80559804b49911baca0bcef9032
-
SSDEEP
3072:K7W9jps0Tx4azG6GweOTir5axbjNCz45LT7a:KwpsERzGKurEXCzeLT7a
Behavioral task
behavioral1
Sample
steamupdater.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
warzonerat
189.14.53.123:1177
Targets
-
Target
steamupdater.exe
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzonerat family
-
Warzone RAT payload
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder