warzonerat | 0dbfba707732ce89b9302ac1705605b22204e3bb6894c7714a1d080e05edf26b | Triage

Submit
Reports

Overview

overview

Static

static

Bank Mille...in.exe

windows7_x64

Bank Mille...in.exe

windows10_x64

Sharing

General

Target

Bank Millennium S.A.bin.zip
Size

13KB
Sample

210706-enlag1zte2
MD5

aa575b217cc9d5be349bfee89f677954
SHA1

c95f2ca8ea2709529ceffa01d8baf3d378496a23
SHA256

0dbfba707732ce89b9302ac1705605b22204e3bb6894c7714a1d080e05edf26b
SHA512

361ba7e3bc3218464978a5d17c5add29b725e4de2a22fa9de339720f57cd802c7cec04f4d2ed2570a68a94d92b03d8c10aa9b03a2b7eca6b67da4f848aeddfcd

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

Bank Millennium S.A.bin.exe

Resource

win7v20210410

warzonerat infostealer rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Bank Millennium S.A.bin.exe

Resource

win10v20210410

warzonerat infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

185.157.160.215:2211

Targets

- Target
  
  Bank Millennium S.A.bin
- Size
  
  37KB
- MD5
  
  067fd0a4d3ad7323f1e5d73bf944dc84
- SHA1
  
  301911757c361e601371e589ace575b4a7bd364b
- SHA256
  
  645134b819a6be3f5114946535b7a96c199380c5576c6e65846548ccda530c54
- SHA512
  
  1c1f9a88fb91dda4a2e4bb8ccf522c07961e59a220414befff46fe6f175d3f33c0f6474f80208723f1b036b9e8cea6922530acddc0764b4f93a8759a714b6f8b
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy