warzonerat | c44cd8ef8c5361ab56ad3d6fbf4d8eab7f531f9e12480626a461f4de8e4e827a | Triage

Submit
Reports

Overview

overview

Static

static

New Orders.exe

windows7_x64

New Orders.exe

windows10_x64

Sharing

General

Target

New Orders.exe
Size

64KB
Sample

210407-4a5n1mktpx
MD5

d507f6899284562b5cab349e1082c297
SHA1

04f6718483f0590119e56edbb73420fa5431c9d5
SHA256

c44cd8ef8c5361ab56ad3d6fbf4d8eab7f531f9e12480626a461f4de8e4e827a
SHA512

0f6c8f84396224d0914d197dbedbf04e47f079e866bf5116f4d910e0c21a3b2d70cfeeb7c53b23650af683bcd796fb0204bff9cc2ca5e1d06a57f571d94ffb6a

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

New Orders.exe

Resource

win7v20201028

warzonerat infostealer rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

New Orders.exe

Resource

win10v20201028

warzonerat infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

104.209.133.4:7500

Targets

- Target
  
  New Orders.exe
- Size
  
  64KB
- MD5
  
  d507f6899284562b5cab349e1082c297
- SHA1
  
  04f6718483f0590119e56edbb73420fa5431c9d5
- SHA256
  
  c44cd8ef8c5361ab56ad3d6fbf4d8eab7f531f9e12480626a461f4de8e4e827a
- SHA512
  
  0f6c8f84396224d0914d197dbedbf04e47f079e866bf5116f4d910e0c21a3b2d70cfeeb7c53b23650af683bcd796fb0204bff9cc2ca5e1d06a57f571d94ffb6a
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy