warzonerat | 72e1816b0f9e1fb44f557dda6696b1596b8c61369e7e91e4e730de33646d4d72 | Triage

Sharing

General

Target

0001.exe
Size

504KB
Sample

210312-ctj47935ya
MD5

dce40fe214b73d0e6404ee8d25510cd1
SHA1

e6b31b3b3c8ad95554f63415f66ae098632c5a34
SHA256

72e1816b0f9e1fb44f557dda6696b1596b8c61369e7e91e4e730de33646d4d72
SHA512

12f10cf718959d9aac2f7fb88842aa2868eb3ba963395b94a8dd7f5bbcb46674c13bf2bd59b24f2598f23435a519e66c7d166bd42d7abbac4639e633f8b07fd0

Score

10^/10

warzonerat infostealer rat

Malware Config

Extracted

Family

warzonerat

C2

79.134.225.26:3141

Targets

- Target
  
  0001.exe
- Size
  
  504KB
- MD5
  
  dce40fe214b73d0e6404ee8d25510cd1
- SHA1
  
  e6b31b3b3c8ad95554f63415f66ae098632c5a34
- SHA256
  
  72e1816b0f9e1fb44f557dda6696b1596b8c61369e7e91e4e730de33646d4d72
- SHA512
  
  12f10cf718959d9aac2f7fb88842aa2868eb3ba963395b94a8dd7f5bbcb46674c13bf2bd59b24f2598f23435a519e66c7d166bd42d7abbac4639e633f8b07fd0
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat