warzonerat | f92db9d719cb7053b1b814f4a3a31c30572e83dd51b549da36d32b473361c30a | Triage

Sharing

General

Target

CLEW enquiry 2021.PDF.exe
Size

472KB
Sample

210315-2bd7sw8c4j
MD5

4387f93e0d45409c4397bc25312ac979
SHA1

0f02a839cdac526bd40d7fb62f792947f2ffe76b
SHA256

f92db9d719cb7053b1b814f4a3a31c30572e83dd51b549da36d32b473361c30a
SHA512

54f6761a0bcd495a8c7d6fe31859271515044fe9750df726bd7f51045f03450481f015152ba06b39adc3852ea1f129fadaab4a9634b200d91d3d22aca4da1ccf

Score

10^/10

warzonerat infostealer rat

Malware Config

Extracted

Family

warzonerat

C2

79.134.225.26:3141

Targets

- Target
  
  CLEW enquiry 2021.PDF.exe
- Size
  
  472KB
- MD5
  
  4387f93e0d45409c4397bc25312ac979
- SHA1
  
  0f02a839cdac526bd40d7fb62f792947f2ffe76b
- SHA256
  
  f92db9d719cb7053b1b814f4a3a31c30572e83dd51b549da36d32b473361c30a
- SHA512
  
  54f6761a0bcd495a8c7d6fe31859271515044fe9750df726bd7f51045f03450481f015152ba06b39adc3852ea1f129fadaab4a9634b200d91d3d22aca4da1ccf
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat