warzonerat | 1a4b1ff81740913af2ff73f904589c1c8002a59de3758fc105e4b9bd1652d5d4 | Triage

Sharing

General

Target

PL-PB39-210706.bin.zip
Size

501KB
Sample

210708-kbknj2fswx
MD5

09362fbd118c6b5e4c1f74f27c5dc1d2
SHA1

0fb3a33bda4858413676317c1dc254c8f0110670
SHA256

1a4b1ff81740913af2ff73f904589c1c8002a59de3758fc105e4b9bd1652d5d4
SHA512

8f7e49fbdc39084dff9c7f7e5fcbfb2e238f6e565de05dd5d094c76bedb1dbf6d377dc16b7d13b24d1b5d7050ee8bcb63308a93df9b0cd5ca4584e8428bceaf3

Score

10^/10

warzonerat infostealer rat

Malware Config

Extracted

Family

warzonerat

C2

sipex2021.ddns.net:6397

Targets

- Target
  
  PL-PB39-210706.bin
- Size
  
  715KB
- MD5
  
  1e319708c4a19328d77d69194cd38825
- SHA1
  
  7a32f59a929f8980c3f6978bb61c9607d8d1b636
- SHA256
  
  698af940b3ff533826faf92c237801109ded9a8fa32ca6ff50d5f33dc002c98c
- SHA512
  
  5b4f0b09e32bf89911ee54519683306fbcb208d3a158c80c0af77fa8be4a007a30eba4e2a71e2b94bfccf6b355411a738f862ad503cf5e14fbb44dfe20129654
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat