warzonerat | 316defa7aba9f42e2e5adc55ba4669303c1a341b68d2e6cf8e1ae3807cbac1e7 | Triage

Submit
Reports

Overview

overview

Static

static

Order Drawing.exe

windows7_x64

Order Drawing.exe

windows10_x64

Sharing

General

Target

Order Drawing.exe
Size

219KB
Sample

210520-efca471kh2
MD5

ba238aab80697e0c6479431b775fd98b
SHA1

c8ecc52cc128a599eecb34b51e3dcf4f5fd17aae
SHA256

316defa7aba9f42e2e5adc55ba4669303c1a341b68d2e6cf8e1ae3807cbac1e7
SHA512

df586609464c65db8611180694e28df39179d0f18c557806ccc32c1bfcb6ef69a1de5dd7759574f5a16a0e3663ad28da884660d2d6ef13eba4fadc08678981f0

Score

10^/10

warzonerat infostealer rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Order Drawing.exe

Resource

win7v20210408

warzonerat infostealer rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Order Drawing.exe

Resource

win10v20210410

warzonerat infostealer rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

180.214.238.96:5200

Targets

- Target
  
  Order Drawing.exe
- Size
  
  219KB
- MD5
  
  ba238aab80697e0c6479431b775fd98b
- SHA1
  
  c8ecc52cc128a599eecb34b51e3dcf4f5fd17aae
- SHA256
  
  316defa7aba9f42e2e5adc55ba4669303c1a341b68d2e6cf8e1ae3807cbac1e7
- SHA512
  
  df586609464c65db8611180694e28df39179d0f18c557806ccc32c1bfcb6ef69a1de5dd7759574f5a16a0e3663ad28da884660d2d6ef13eba4fadc08678981f0
Score

10^/10

warzonerat infostealer rat spyware stealer
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerratspywarestealer

© 2018-2024

Terms | Privacy