warzonerat | 82e883ad6e6fe8e8a480b574fffe77c18f449daa028673e42c0c74a9fd9a30e1 | Triage

Submit
Reports

Overview

overview

Static

static

doc.exe

windows7_x64

doc.exe

windows10_x64

Sharing

General

Target

doc.exe
Size

795KB
Sample

210609-vy3mx8exbs
MD5

6dcd993aa9adc6d1f14f0da54e8e7353
SHA1

e3bde1a8dc7138e42d9047151a8901ddb4a1e113
SHA256

82e883ad6e6fe8e8a480b574fffe77c18f449daa028673e42c0c74a9fd9a30e1
SHA512

ca97de74082eeb012e6bde671d3a891371dd691ded049da3137b204cb4a036d25646f23142fe1560485de95d812ce4d8f3f243ceb0336e153c5b828f7bdfc08a

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

doc.exe

Resource

win7v20210410

warzonerat infostealer rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

doc.exe

Resource

win10v20210410

warzonerat infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

157.55.136.23:5300

Targets

- Target
  
  doc.exe
- Size
  
  795KB
- MD5
  
  6dcd993aa9adc6d1f14f0da54e8e7353
- SHA1
  
  e3bde1a8dc7138e42d9047151a8901ddb4a1e113
- SHA256
  
  82e883ad6e6fe8e8a480b574fffe77c18f449daa028673e42c0c74a9fd9a30e1
- SHA512
  
  ca97de74082eeb012e6bde671d3a891371dd691ded049da3137b204cb4a036d25646f23142fe1560485de95d812ce4d8f3f243ceb0336e153c5b828f7bdfc08a
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy