warzonerat | 87783bb0a6d5e2846ba2b5e097fe49b9dafe36995916908fdb11e5170e81ac00 | Triage

Sharing

General

Target

payment proof.png.exe
Size

489KB
Sample

210315-lf8ftmjgqn
MD5

fb629e1391366b36827b6982c93da4c3
SHA1

3480ddeb9862c6ec1a19349b4fb248e89fc8b040
SHA256

87783bb0a6d5e2846ba2b5e097fe49b9dafe36995916908fdb11e5170e81ac00
SHA512

8edbaa68c89dcf6c4d69b54bdb8dbbb91c4d24d94f118f7f8037c34d68356dbaab360cab3fcb51738c155c37c75bc9c26ef9ed6a0119e41b154fb39d03c33538

Score

10^/10

warzonerat infostealer rat

Malware Config

Extracted

Family

warzonerat

C2

79.134.225.26:3141

Targets

- Target
  
  payment proof.png.exe
- Size
  
  489KB
- MD5
  
  fb629e1391366b36827b6982c93da4c3
- SHA1
  
  3480ddeb9862c6ec1a19349b4fb248e89fc8b040
- SHA256
  
  87783bb0a6d5e2846ba2b5e097fe49b9dafe36995916908fdb11e5170e81ac00
- SHA512
  
  8edbaa68c89dcf6c4d69b54bdb8dbbb91c4d24d94f118f7f8037c34d68356dbaab360cab3fcb51738c155c37c75bc9c26ef9ed6a0119e41b154fb39d03c33538
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat