warzonerat | 13356069fcc14e4acc6e0da16a76a8acc79767e2ebdca084ab67a7d8a559fd8e | Triage

Submit
Reports

Overview

overview

Static

static

PO NUMBER ...ED.exe

windows7_x64

PO NUMBER ...ED.exe

windows10_x64

Sharing

General

Target

PO NUMBER 3120386 3120393 SIGNED.exe
Size

694KB
Sample

210412-zpa7nxmn62
MD5

199796d8afa08570d2dcc4448c85ef57
SHA1

573638654e04a6d364a8f742e74ce1594209a199
SHA256

13356069fcc14e4acc6e0da16a76a8acc79767e2ebdca084ab67a7d8a559fd8e
SHA512

cb461b03e64f094206d6efd3c6be9917cfa9ba92f68917be85afada3cee2a5962b0d54070a9639f287f102068d83e14dedbf163f3db98199aaa5ffb0b8b629ec

Score

10^/10

warzonerat infostealer rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

PO NUMBER 3120386 3120393 SIGNED.exe

Resource

win7v20201028

warzonerat infostealer rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PO NUMBER 3120386 3120393 SIGNED.exe

Resource

win10v20201028

warzonerat infostealer rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

engkaa.ddns.net:4545

Targets

- Target
  
  PO NUMBER 3120386 3120393 SIGNED.exe
- Size
  
  694KB
- MD5
  
  199796d8afa08570d2dcc4448c85ef57
- SHA1
  
  573638654e04a6d364a8f742e74ce1594209a199
- SHA256
  
  13356069fcc14e4acc6e0da16a76a8acc79767e2ebdca084ab67a7d8a559fd8e
- SHA512
  
  cb461b03e64f094206d6efd3c6be9917cfa9ba92f68917be85afada3cee2a5962b0d54070a9639f287f102068d83e14dedbf163f3db98199aaa5ffb0b8b629ec
Score

10^/10

warzonerat infostealer rat spyware stealer
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerratspywarestealer

behavioral2

warzoneratinfostealerratspywarestealer

© 2018-2024

Terms | Privacy