warzonerat | f873b017cb3063a499db2874275e4797b8412ccd1300d29f4f1af03d66ee6700 | Triage

Submit
Reports

Overview

overview

Static

static

SF40_DOC.EXE

windows7_x64

SF40_DOC.EXE

windows10_x64

Sharing

General

Target

f873b017cb3063a499db2874275e4797b8412ccd1300d29f4f1af03d66ee6700.bin
Size

1.4MB
Sample

210709-4qt2fr7ccs
MD5

bebb9136602cd382ad33f82834ba6d02
SHA1

551c0387707a5740bd9f2e7651951481003f5db7
SHA256

f873b017cb3063a499db2874275e4797b8412ccd1300d29f4f1af03d66ee6700
SHA512

6a9ebbc2212de9eafe5b2e91faa948f73b712e69db7eca39306d28edc47c29830cf607fa90ba3452f2c4239d7a91214805272af9303444b9f5054efa35f5cf73

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

SF40_DOC.EXE

Resource

win7v20210410

warzonerat infostealer rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SF40_DOC.EXE

Resource

win10v20210408

warzonerat infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

165.22.5.66:6666

Targets

- Target
  
  SF40_DOC.EXE
- Size
  
  859KB
- MD5
  
  378b91450d386cf5916fb645b143d89d
- SHA1
  
  e34a417e9a6a4985de8cf1877d542364c7255dcd
- SHA256
  
  bfb41f621f57bccd1923f8437a21329666ebd4f826c7ed0f7540d54f464ad7b5
- SHA512
  
  c5db058ddfae775203c41fcf29a69e5420017722b32ca446f019e8f15cc9a4c7aa07f64fb95b5ecac5fcd6ffc8020dfb093d869f6f853bfccd1f512253d3f2dd
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy