warzonerat | f4be91d5771599ee3f80dd26990d324c291e4b327db563c15379b09ffa79eadb | Triage

Submit
Reports

Overview

overview

Static

static

Purchase O...07.exe

windows7_x64

3

Purchase O...07.exe

windows10_x64

Sharing

General

Target

Purchase Orders - Foreign_000000000088707.exe
Size

449KB
Sample

210526-b2dvwackpa
MD5

ebfe963401c01212c017ba9281bfcbc3
SHA1

51eda08a4839939950fb904c45fbc0ea1ff2ab5a
SHA256

f4be91d5771599ee3f80dd26990d324c291e4b327db563c15379b09ffa79eadb
SHA512

1f076d5f8c94b89a9568771ef57539c4ae1bfad1b47c2f69354495c177ff030060b663951dc139a0ca78436977e8c72ddebe2d9f94fc68a4648e018942e4c4b9

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

Purchase Orders - Foreign_000000000088707.exe

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Purchase Orders - Foreign_000000000088707.exe

Resource

win10v20210410

warzonerat infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

157.55.136.23:5300

Targets

- Target
  
  Purchase Orders - Foreign_000000000088707.exe
- Size
  
  449KB
- MD5
  
  ebfe963401c01212c017ba9281bfcbc3
- SHA1
  
  51eda08a4839939950fb904c45fbc0ea1ff2ab5a
- SHA256
  
  f4be91d5771599ee3f80dd26990d324c291e4b327db563c15379b09ffa79eadb
- SHA512
  
  1f076d5f8c94b89a9568771ef57539c4ae1bfad1b47c2f69354495c177ff030060b663951dc139a0ca78436977e8c72ddebe2d9f94fc68a4648e018942e4c4b9
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Downloads MZ/PE file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy