warzonerat | 097f07322187b8b9561819c5e281d0d477ae6767a1ee856744f02507c1213225 | Triage

Submit
Reports

Overview

overview

Static

static

[email protected]

windows7_x64

[email protected]

windows10_x64

Sharing

General

Target

6639052715229184.zip
Size

461KB
Sample

210616-499b1tln8x
MD5

0edaa7bec6cd4fcd81afde3a95cdcd44
SHA1

ebc2834a9a74bca6991a50eb3c521866bbb6249d
SHA256

097f07322187b8b9561819c5e281d0d477ae6767a1ee856744f02507c1213225
SHA512

68a8b1af160bc6cfa32335fe366d6d2f3aca17fc18d8131c9acf9e5836a1c7cf60e16f0d777650dc7aadb41351d3ad51c2055a8585057f1d5ced60beb0463b1d

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

[email protected]

Resource

win7v20210410

warzonerat infostealer rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

[email protected]

Resource

win10v20210410

warzonerat infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

194.5.97.174:1360

Targets

- Target
  
  [email protected]
- Size
  
  1007KB
- MD5
  
  2c5a430bba25700116ef43290096f78b
- SHA1
  
  f932df755efaac964a7684b16445c5a0330e60d0
- SHA256
  
  42501637672342127aba0926855810bd7c9f22a3c6c64b8df4716cedd0f8550d
- SHA512
  
  796d5cdc5127e59844266b604d85c88955b0fe095ecc508e8070dbec380fe4a03fd8ae2070be8dd393844a165b0a223a9691850df16df202b9ef9c80bae52a9a
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy