warzonerat | 872ac5743d339a60af70e0b933a15c4c68f5e40b168c3b5ef444cf280673ee42 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...05.exe

windows7_x64

1

SecuriteIn...05.exe

windows10_x64

Sharing

General

Target

SecuriteInfo.com.Trojan.Packed.24465.17731.23605
Size

128KB
Sample

210412-zevzz8hyje
MD5

5c09522de5f3253871d318ba84094b2e
SHA1

c783db9c74006be5933fa057f2ff532b60392b94
SHA256

872ac5743d339a60af70e0b933a15c4c68f5e40b168c3b5ef444cf280673ee42
SHA512

e850c6daaa4809a8204c3f5a346a2ba89477048e0458de040f516d8e4506101ff04f43400e6daf8f7d1fa249f92e1bdd79448232d78b254b1845223413dd4f4c

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Trojan.Packed.24465.17731.23605.exe

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Trojan.Packed.24465.17731.23605.exe

Resource

win10v20210410

warzonerat infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

148.251.48.16:5200

Targets

- Target
  
  SecuriteInfo.com.Trojan.Packed.24465.17731.23605
- Size
  
  128KB
- MD5
  
  5c09522de5f3253871d318ba84094b2e
- SHA1
  
  c783db9c74006be5933fa057f2ff532b60392b94
- SHA256
  
  872ac5743d339a60af70e0b933a15c4c68f5e40b168c3b5ef444cf280673ee42
- SHA512
  
  e850c6daaa4809a8204c3f5a346a2ba89477048e0458de040f516d8e4506101ff04f43400e6daf8f7d1fa249f92e1bdd79448232d78b254b1845223413dd4f4c
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Executes dropped EXE
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy