warzonerat | 890407f2497d9d1d7fbe7f5f823438821b458cf8f5e62eb7f0e3220c342cd68b | Triage

Submit
Reports

Overview

overview

Static

static

samples or...om.exe

windows7_x64

samples or...om.exe

windows10_x64

Sharing

General

Target

samples ordered 024791.com
Size

472KB
Sample

210408-4681m6tq6x
MD5

2db416bd47696a5782a82376b592cdf1
SHA1

9347f30a05b36e4528a107549f304a5dcd8ab6e2
SHA256

890407f2497d9d1d7fbe7f5f823438821b458cf8f5e62eb7f0e3220c342cd68b
SHA512

28df114c54289f1ed19090eb03fef1c7cb076a8d11a3b58cc6a82b943c1f1a2ca19c1f280c1a1d5194a3223288c1abcb3a5266706be1f828bccbb61eea6ce82e

Score

10^/10

warzonerat infostealer rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

samples ordered 024791.com.exe

Resource

win7v20201028

warzonerat infostealer rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

samples ordered 024791.com.exe

Resource

win10v20201028

warzonerat infostealer rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

185.140.53.69:4080

Targets

- Target
  
  samples ordered 024791.com
- Size
  
  472KB
- MD5
  
  2db416bd47696a5782a82376b592cdf1
- SHA1
  
  9347f30a05b36e4528a107549f304a5dcd8ab6e2
- SHA256
  
  890407f2497d9d1d7fbe7f5f823438821b458cf8f5e62eb7f0e3220c342cd68b
- SHA512
  
  28df114c54289f1ed19090eb03fef1c7cb076a8d11a3b58cc6a82b943c1f1a2ca19c1f280c1a1d5194a3223288c1abcb3a5266706be1f828bccbb61eea6ce82e
Score

10^/10

warzonerat infostealer rat spyware stealer
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerratspywarestealer

behavioral2

warzoneratinfostealerratspywarestealer

© 2018-2024

Terms | Privacy