warzonerat | bfe57cd74019aabbb58cda55a091b4a72f7dff1b005af8e5a77eb89e834bea18 | Triage

Submit
Reports

Overview

overview

Static

static

AV_21DE335...E1.exe

windows7_x64

AV_21DE335...E1.exe

windows10_x64

Sharing

General

Target

AV_21DE335252288131E1.exe
Size

1.4MB
Sample

210628-ffe4xv3vv2
MD5

e28dedce9b9df8e6671e396057232c6c
SHA1

5597ab651558b23cdcfab81ea207ad4bcd1dd11e
SHA256

bfe57cd74019aabbb58cda55a091b4a72f7dff1b005af8e5a77eb89e834bea18
SHA512

84fc981f7b7e19ad16ebad4b642e163ff58c9d924e8285b8b12e9025f864621884240bf99149dacce59d539bdbf3b212a926cb7ea01709d6c79b15c4e0e7ceb8

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

AV_21DE335252288131E1.exe

Resource

win7v20210408

warzonerat infostealer rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

AV_21DE335252288131E1.exe

Resource

win10v20210410

warzonerat infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

40.83.20.77:8700

Targets

- Target
  
  AV_21DE335252288131E1.exe
- Size
  
  1.4MB
- MD5
  
  e28dedce9b9df8e6671e396057232c6c
- SHA1
  
  5597ab651558b23cdcfab81ea207ad4bcd1dd11e
- SHA256
  
  bfe57cd74019aabbb58cda55a091b4a72f7dff1b005af8e5a77eb89e834bea18
- SHA512
  
  84fc981f7b7e19ad16ebad4b642e163ff58c9d924e8285b8b12e9025f864621884240bf99149dacce59d539bdbf3b212a926cb7ea01709d6c79b15c4e0e7ceb8
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy