Overview

overview

10

Static

static

10

23c32832b8...fN.exe

windows7-x64

10

23c32832b8...fN.exe

windows10-2004-x64

10

23c32832b8...fN.exe

android-9-x86

23c32832b8...fN.exe

android-10-x64

23c32832b8...fN.exe

android-11-x64

23c32832b8...fN.exe

macos-10.15-amd64

23c32832b8...fN.exe

ubuntu-18.04-amd64

23c32832b8...fN.exe

debian-9-armhf

23c32832b8...fN.exe

debian-9-mips

23c32832b8...fN.exe

debian-9-mipsel

Resubmissions

13-01-2025 05:59

250113-gp47ja1qhj 10

12-01-2025 23:42

250112-3p99faxpel 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    23c32832b80a9530e2fdf1cd335585847cb25bb11c3c8e3008bb3e34c415532fN

  • Size

    2.9MB

  • Sample

    250113-gp47ja1qhj

  • MD5

    0981843c2e0c2722ceffd71d48849b80

  • SHA1

    86f71db7708588eab7d9aeb3603cdbc0bbff3d22

  • SHA256

    23c32832b80a9530e2fdf1cd335585847cb25bb11c3c8e3008bb3e34c415532f

  • SHA512

    aa1ef006d3b86edff7aabd28613535eae082db8f6e57c1a107bd445809b756680b63fcadfed77ddea18dabe9e922c17508555c9e2083cff93f3f36bd4c3ef77a

  • SSDEEP

    24576:ATU7AAmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHi:ATU7AAmw4gxeOw46fUbNecCCFbNecl

Score
10/10
warzoneratandroiddiscoveryevasioninfostealerlinuxmacospersistenceratupx

Malware Config

Targets

    • Target

      23c32832b80a9530e2fdf1cd335585847cb25bb11c3c8e3008bb3e34c415532fN

    • Size

      2.9MB

    • MD5

      0981843c2e0c2722ceffd71d48849b80

    • SHA1

      86f71db7708588eab7d9aeb3603cdbc0bbff3d22

    • SHA256

      23c32832b80a9530e2fdf1cd335585847cb25bb11c3c8e3008bb3e34c415532f

    • SHA512

      aa1ef006d3b86edff7aabd28613535eae082db8f6e57c1a107bd445809b756680b63fcadfed77ddea18dabe9e922c17508555c9e2083cff93f3f36bd4c3ef77a

    • SSDEEP

      24576:ATU7AAmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHi:ATU7AAmw4gxeOw46fUbNecCCFbNecl

    Score
    10/10
    warzoneratdiscoveryevasioninfostealerpersistenceratupx

    • Modifies WinLogon for persistence

      persistence

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzonerat family

      warzonerat

    • Warzone RAT payload

      rat

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral10behavioral2behavioral3behavioral4behavioral5behavioral6behavioral7behavioral8behavioral9

MITRE ATT&CK Enterprise v15

Tasks