warzonerat | 2083d868972386aa9b3b423b6bba7ba92c65323b1d4dfea6f4cfa19435f26a4c | Triage

Sharing

General

Target

Scan_9281027361782_Swift_copy.exe
Size

19KB
Sample

210611-c5zy17wd8e
MD5

d77a90d2fa369af90578e17feb4275ca
SHA1

349d9d02476721f6b89a721c523820e504918614
SHA256

2083d868972386aa9b3b423b6bba7ba92c65323b1d4dfea6f4cfa19435f26a4c
SHA512

c64b3663ed93fe8cd41ffd25ea4d8cff9d2e4e0845e60aa894d06c7679a662dfaac34c8d6d6e5dd3a106a20bf4b076826a840d7a28878e32c5cda270fe6bfc10

Score

10^/10

warzonerat infostealer rat

Malware Config

Extracted

Family

warzonerat

C2

136.144.41.4:4771

Targets

- Target
  
  Scan_9281027361782_Swift_copy.exe
- Size
  
  19KB
- MD5
  
  d77a90d2fa369af90578e17feb4275ca
- SHA1
  
  349d9d02476721f6b89a721c523820e504918614
- SHA256
  
  2083d868972386aa9b3b423b6bba7ba92c65323b1d4dfea6f4cfa19435f26a4c
- SHA512
  
  c64b3663ed93fe8cd41ffd25ea4d8cff9d2e4e0845e60aa894d06c7679a662dfaac34c8d6d6e5dd3a106a20bf4b076826a840d7a28878e32c5cda270fe6bfc10
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat