warzonerat | 6f149397c4da5aa8c6278b121a2f8e833fae038a4dab455ee0acbb0f43310294 | Triage

Submit
Reports

Overview

overview

Static

static

ADING AD,pdf.exe

windows7_x64

ADING AD,pdf.exe

windows10_x64

Sharing

General

Target

ADING_ADpdf.iso
Size

98KB
Sample

210706-6ebbgvj8ax
MD5

b87c971608f97740228ca5487ea2d1f1
SHA1

2c82f78f27d05cecec4e5d8d127c16c24713c969
SHA256

6f149397c4da5aa8c6278b121a2f8e833fae038a4dab455ee0acbb0f43310294
SHA512

25f4b30b64b79eac5a30df9c437ee2ed0421b73653501b895e0763199c1073a6cb9923b88f92428d5fe22c8e90a0cb614e11ff8e95c51dc01c452aac4ea97772

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

ADING AD,pdf.exe

Resource

win7v20210410

warzonerat infostealer rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ADING AD,pdf.exe

Resource

win10v20210410

warzonerat infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

185.157.160.215:2211

Targets

- Target
  
  ADING AD,pdf.exe
- Size
  
  37KB
- MD5
  
  067fd0a4d3ad7323f1e5d73bf944dc84
- SHA1
  
  301911757c361e601371e589ace575b4a7bd364b
- SHA256
  
  645134b819a6be3f5114946535b7a96c199380c5576c6e65846548ccda530c54
- SHA512
  
  1c1f9a88fb91dda4a2e4bb8ccf522c07961e59a220414befff46fe6f175d3f33c0f6474f80208723f1b036b9e8cea6922530acddc0764b4f93a8759a714b6f8b
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy