Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/D...

windows11-21h2-x64

10

Resubmissions

06-02-2025 23:37

250206-3mbcbsspfm 10

05-02-2025 13:44

250205-q1zwmaylfy 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://github.com/Da2dalus/The-MALWARE-Repo

  • Sample

    250206-3mbcbsspfm

Score
10/10
warzoneratdefense_evasiondiscoveryinfostealermacromacro_on_actionratrezer0

Malware Config

Extracted

Family

warzonerat

C2

168.61.222.215:5400

Targets

    • Target

      https://github.com/Da2dalus/The-MALWARE-Repo

    Score
    10/10
    warzoneratdefense_evasiondiscoveryinfostealermacromacro_on_actionratrezer0

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzonerat family

      warzonerat

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Warzone RAT payload

      rat

    • Downloads MZ/PE file

    • Office macro that triggers on suspicious action

      Office document macro which triggers in special circumstances - often malicious.

      macromacro_on_action

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks