warzonerat | cc47a9cd21127f53bdb494d7229bae248aa5a4140e7a70a9f6c521741f6ba477 | Triage

Submit
Reports

Overview

overview

Static

static

fb3f04908f...03.exe

windows7_x64

fb3f04908f...03.exe

windows10_x64

Sharing

General

Target

fb3f04908f8f150a72df754414e3a603
Size

346KB
Sample

210615-dwbye8t9pa
MD5

fb3f04908f8f150a72df754414e3a603
SHA1

b01e5ea906649f77d01264cc1cb1e451297004fe
SHA256

cc47a9cd21127f53bdb494d7229bae248aa5a4140e7a70a9f6c521741f6ba477
SHA512

45f782e3166fe1f2b1a2750b630ab41066f118fb4b93c9f4b52d1335fff1e54743193db39061d82757224524139da0977449f4a25c87011605cd7611268803ac

Score

10^/10

warzonerat infostealer rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

fb3f04908f8f150a72df754414e3a603.exe

Resource

win7v20210410

warzonerat infostealer rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

fb3f04908f8f150a72df754414e3a603.exe

Resource

win10v20210410

warzonerat infostealer rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

136.144.41.220:91

Targets

- Target
  
  fb3f04908f8f150a72df754414e3a603
- Size
  
  346KB
- MD5
  
  fb3f04908f8f150a72df754414e3a603
- SHA1
  
  b01e5ea906649f77d01264cc1cb1e451297004fe
- SHA256
  
  cc47a9cd21127f53bdb494d7229bae248aa5a4140e7a70a9f6c521741f6ba477
- SHA512
  
  45f782e3166fe1f2b1a2750b630ab41066f118fb4b93c9f4b52d1335fff1e54743193db39061d82757224524139da0977449f4a25c87011605cd7611268803ac
Score

10^/10

warzonerat infostealer rat spyware stealer
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerratspywarestealer

behavioral2

warzoneratinfostealerratspywarestealer

© 2018-2024

Terms | Privacy