warzonerat | d31cd3d115f23ac70007b2b3918de2502ee0636178c3b1b8557a3b0cb5903acf | Triage

Submit
Reports

Overview

overview

Static

static

QUOTE_8776...DF.exe

windows7_x64

QUOTE_8776...DF.exe

windows10_x64

Sharing

General

Target

QUOTE_8776_788965_998866PDF.exe
Size

914KB
Sample

210113-bxbvyke3he
MD5

02155f87231c8ae6b34ff306a75bcb0f
SHA1

1278b84aff7da16e1973d1fe06b77a4e07edc3b9
SHA256

d31cd3d115f23ac70007b2b3918de2502ee0636178c3b1b8557a3b0cb5903acf
SHA512

3c6c4014e42832448dad6bc5dd13ddbf4d735a20888f2b6eaadea1242a29bb30aab32e94a3df5582910de020332aad02e53eb0129b3754ee6416c76b9c670779

Score

10^/10

warzonerat infostealer rat spyware

Static task

static1

Behavioral task

behavioral1

Sample

QUOTE_8776_788965_998866PDF.exe

Resource

win7v20201028

warzonerat infostealer rat spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

QUOTE_8776_788965_998866PDF.exe

Resource

win10v20201028

warzonerat infostealer rat spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

warzon957.duckdns.org:5051

Targets

- Target
  
  QUOTE_8776_788965_998866PDF.exe
- Size
  
  914KB
- MD5
  
  02155f87231c8ae6b34ff306a75bcb0f
- SHA1
  
  1278b84aff7da16e1973d1fe06b77a4e07edc3b9
- SHA256
  
  d31cd3d115f23ac70007b2b3918de2502ee0636178c3b1b8557a3b0cb5903acf
- SHA512
  
  3c6c4014e42832448dad6bc5dd13ddbf4d735a20888f2b6eaadea1242a29bb30aab32e94a3df5582910de020332aad02e53eb0129b3754ee6416c76b9c670779
Score

10^/10

warzonerat infostealer rat spyware
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerratspyware

behavioral2

warzoneratinfostealerratspyware

© 2018-2024

Terms | Privacy