warzonerat | b77ca2c247c1a659063b98829a0a6211e9c708f9ba40a691e02a4e8ab3cfb45b | Triage

Submit
Reports

Overview

overview

Static

static

1

DHL_June 2...DF.exe

windows7_x64

DHL_June 2...DF.exe

windows10_x64

Sharing

General

Target

DHL_June 2021 at 11M_9BZ7290_PDF.exe
Size

231KB
Sample

210614-km86f4cw9s
MD5

dc41b3c367c1d2d128ab5a1bdbd62abc
SHA1

297d9d6131dd7b147ec56150fa43b265a4cd1f45
SHA256

b77ca2c247c1a659063b98829a0a6211e9c708f9ba40a691e02a4e8ab3cfb45b
SHA512

7644aca08296a1b026409651dd7d841cac8fd51018af900a65e400a0cfc50281da523dfde478b581cc4f7f2b98c416c924cee1c2fe04faf076b39ac35224a87c

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

DHL_June 2021 at 11M_9BZ7290_PDF.exe

Resource

win7v20210410

warzonerat infostealer rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DHL_June 2021 at 11M_9BZ7290_PDF.exe

Resource

win10v20210410

warzonerat infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

103.133.109.176:7600

Targets

- Target
  
  DHL_June 2021 at 11M_9BZ7290_PDF.exe
- Size
  
  231KB
- MD5
  
  dc41b3c367c1d2d128ab5a1bdbd62abc
- SHA1
  
  297d9d6131dd7b147ec56150fa43b265a4cd1f45
- SHA256
  
  b77ca2c247c1a659063b98829a0a6211e9c708f9ba40a691e02a4e8ab3cfb45b
- SHA512
  
  7644aca08296a1b026409651dd7d841cac8fd51018af900a65e400a0cfc50281da523dfde478b581cc4f7f2b98c416c924cee1c2fe04faf076b39ac35224a87c
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy