warzonerat | 71a23392365192b43b1689b784e7bf7561ad95c6aa0432e6c4635e17e63b1b9d | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...88.exe

windows7_x64

1

SecuriteIn...88.exe

windows10_x64

Sharing

General

Target

SecuriteInfo.com.Trojan.Packed.24465.2847.19588
Size

128KB
Sample

210412-fwvctjvk3x
MD5

811cba52862a62af61525f6d4c6ba768
SHA1

aa40b02a08223dcf34080757726d257156ecced9
SHA256

71a23392365192b43b1689b784e7bf7561ad95c6aa0432e6c4635e17e63b1b9d
SHA512

005882b4ede5c9cf9bf9a22514e0f3e5a0ff02f5e6bf680248449c34dfeca2383520781ff6a3198e27fb68e18520086bf3cc736bc75961bde0be0fc4cd1fd087

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Trojan.Packed.24465.2847.19588.exe

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Trojan.Packed.24465.2847.19588.exe

Resource

win10v20210410

warzonerat infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

148.251.48.16:5200

Targets

- Target
  
  SecuriteInfo.com.Trojan.Packed.24465.2847.19588
- Size
  
  128KB
- MD5
  
  811cba52862a62af61525f6d4c6ba768
- SHA1
  
  aa40b02a08223dcf34080757726d257156ecced9
- SHA256
  
  71a23392365192b43b1689b784e7bf7561ad95c6aa0432e6c4635e17e63b1b9d
- SHA512
  
  005882b4ede5c9cf9bf9a22514e0f3e5a0ff02f5e6bf680248449c34dfeca2383520781ff6a3198e27fb68e18520086bf3cc736bc75961bde0be0fc4cd1fd087
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Executes dropped EXE
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy