warzonerat | f39db650747130dd3ae0e3a1b1912ef321a70bce4dbc07ddf7cbe28c4273dbba | Triage

Submit
Reports

Overview

overview

Static

static

Fast color...df.exe

windows7_x64

Fast color...df.exe

windows10_x64

Sharing

General

Target

Fast color scan to a PDFfile_1_20210331084231346.pdf.exe
Size

734KB
Sample

210407-9ve7nj4srx
MD5

1f87348ab64e5b7c5d7c7a010251904d
SHA1

624ed4ab4eacfb63176b60dc4865b77f2b932ae4
SHA256

f39db650747130dd3ae0e3a1b1912ef321a70bce4dbc07ddf7cbe28c4273dbba
SHA512

ccc400f344e5bb9a0ae0931c077dbc76e02ab214a29e1954024c6aec6512676f1525521e414332654af427b3c671747be3adf138cdb97c57a52263af568dc7f7

Score

10^/10

warzonerat infostealer rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Fast color scan to a PDFfile_1_20210331084231346.pdf.exe

Resource

win7v20201028

warzonerat infostealer rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Fast color scan to a PDFfile_1_20210331084231346.pdf.exe

Resource

win10v20201028

warzonerat infostealer rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

79.134.225.102:1414

Targets

- Target
  
  Fast color scan to a PDFfile_1_20210331084231346.pdf.exe
- Size
  
  734KB
- MD5
  
  1f87348ab64e5b7c5d7c7a010251904d
- SHA1
  
  624ed4ab4eacfb63176b60dc4865b77f2b932ae4
- SHA256
  
  f39db650747130dd3ae0e3a1b1912ef321a70bce4dbc07ddf7cbe28c4273dbba
- SHA512
  
  ccc400f344e5bb9a0ae0931c077dbc76e02ab214a29e1954024c6aec6512676f1525521e414332654af427b3c671747be3adf138cdb97c57a52263af568dc7f7
Score

10^/10

warzonerat infostealer rat spyware stealer
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerratspywarestealer

behavioral2

warzoneratinfostealerratspywarestealer

© 2018-2024

Terms | Privacy