warzonerat | 1102bbe5826dcc2de429fc1e3d249a98430889a875a4bc1505fc9e520d0140d3 | Triage

Submit
Reports

Overview

overview

Static

static

pdf file.exe

windows7_x64

3

pdf file.exe

windows10_x64

Sharing

General

Target

pdf_file.iso
Size

1.2MB
Sample

210707-dvkqk9jfl6
MD5

807721222a16167de1aecfb0b7cbd9a5
SHA1

dd39e9c9b8d235e046b08dcc69b18cfa1f38f5df
SHA256

1102bbe5826dcc2de429fc1e3d249a98430889a875a4bc1505fc9e520d0140d3
SHA512

4d767c557f3038ea970b1ceca16cbf43438e18b8e19f3cb0e4d02677f28058357023ca290dfb82bd8ead96697385809aec591e4c80288440dddc785f378dfc21

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

pdf file.exe

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

pdf file.exe

Resource

win10v20210410

warzonerat infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

185.157.160.215:2211

Targets

- Target
  
  pdf file.exe
- Size
  
  1.1MB
- MD5
  
  3cbd781f564cf84ffef48e204f447b2d
- SHA1
  
  62a79b0bde60d2b46ceb204bd127065d64c66d3d
- SHA256
  
  686f4b4a55d410762e893e7caccfe000ff0b927339a4da65b3076ac932d8b409
- SHA512
  
  5ae28a6458f9368ce0a5f08b189903171372514b3aeb218a21affd4448d4c4d97e382dd6153e63e1bfbde0d675438544125153f9530f234198a783d6e6d027ac
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy