Resubmissions

03-12-2024 07:26

241203-h9s6favqav 10

03-12-2024 07:19

241203-h5xm3avney 10

General

  • Target

    steamupdater.exe

  • Size

    132KB

  • Sample

    241203-h9s6favqav

  • MD5

    ae272da48f63b0c97b06f92f00f4ff3e

  • SHA1

    a6c26a2de3abaefb120845ae642001948a25b141

  • SHA256

    1a8da2a01c3fdd2d155b6ed685818988bd980f94b7f4eff3011a88bac8baaff7

  • SHA512

    345c2ba95aa64d7dbea7b912ee8005211c4bf259634dca803ccd55b2b2176929e4fc2c2482462c733abbd8c9c9fec2c3ceb8e80559804b49911baca0bcef9032

  • SSDEEP

    3072:K7W9jps0Tx4azG6GweOTir5axbjNCz45LT7a:KwpsERzGKurEXCzeLT7a

Malware Config

Extracted

Family

warzonerat

C2

189.14.53.123:1177

Targets

    • Target

      steamupdater.exe

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzonerat family

    • Warzone RAT payload

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks