warzonerat | 5b109baf5c27b68041f902d867bdde2a260cddbea90ecccb09037751ab2bd032 | Triage

Analysis

max time kernel
147s
max time network
150s
platform
windows7_x64
resource
win7v20210408
submitted
05-05-2021 14:08

Sharing

Report Analysis Logs

General

Target

LETTER.JACKSON HEALTH ORGANIZATION.exe
Size

918KB
MD5

ec4fb9bcd4d0f04bf52462fc9251fab1
SHA1

d7fb12bd1f18910586fbdf63b7520474044c06c2
SHA256

5b109baf5c27b68041f902d867bdde2a260cddbea90ecccb09037751ab2bd032
SHA512

c3e8f9a92e7331d38f52b28600ddfa98c6da595bd694bb94f00cc98e9d6b9e744db15eae46a4b77a7212767d1574ede0396203c53faa01e4bc016c1269c81369

Score

10^/10

warzonerat infostealer rat

Malware Config

Extracted

Family

warzonerat

C2

esureforme100.myddns.rocks:9321

Signatures

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat

Warzone RAT Payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1948-61-0x00000000022B0000-0x0000000002404000-memory.dmp	warzonerat
behavioral1/memory/1948-66-0x00000000008C0000-0x0000000000DC0000-memory.dmp	warzonerat

C:\Users\Admin\AppData\Local\Temp\LETTER.JACKSON HEALTH ORGANIZATION.exe
"C:\Users\Admin\AppData\Local\Temp\LETTER.JACKSON HEALTH ORGANIZATION.exe"
1⤵
PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1948-60-0x0000000075511000-0x0000000075513000-memory.dmp

Filesize
8KB

Download
memory/1948-61-0x00000000022B0000-0x0000000002404000-memory.dmp

Filesize
1.3MB

Download
memory/1948-66-0x00000000008C0000-0x0000000000DC0000-memory.dmp

Filesize
5.0MB

Download