warzonerat | 394b84714c723fe917d65356700c36483a29610251eb06b93fb4a2b0922a68a4 | Triage

Submit
Reports

Overview

overview

Static

static

41c6594d3f...a5.exe

windows7_x64

41c6594d3f...a5.exe

windows10_x64

Sharing

General

Target

41c6594d3fb3d3d38676a2cbe5fd4ca5
Size

724KB
Sample

210710-cwyehp2pss
MD5

41c6594d3fb3d3d38676a2cbe5fd4ca5
SHA1

dbd7e47680f8ead9d36f9ae1dd298d7d16233f76
SHA256

394b84714c723fe917d65356700c36483a29610251eb06b93fb4a2b0922a68a4
SHA512

1acb5f58d00ee91d5cdc92c71d669174d9a383ae9864cfaebaa67882c4ebd73daf813bbab5c094995618c3f139beb9aa356f67b09e8b3a8de55134e1473da7a6

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

41c6594d3fb3d3d38676a2cbe5fd4ca5.exe

Resource

win7v20210408

warzonerat infostealer rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

41c6594d3fb3d3d38676a2cbe5fd4ca5.exe

Resource

win10v20210410

warzonerat infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

byx.z86.ru:5200

Targets

- Target
  
  41c6594d3fb3d3d38676a2cbe5fd4ca5
- Size
  
  724KB
- MD5
  
  41c6594d3fb3d3d38676a2cbe5fd4ca5
- SHA1
  
  dbd7e47680f8ead9d36f9ae1dd298d7d16233f76
- SHA256
  
  394b84714c723fe917d65356700c36483a29610251eb06b93fb4a2b0922a68a4
- SHA512
  
  1acb5f58d00ee91d5cdc92c71d669174d9a383ae9864cfaebaa67882c4ebd73daf813bbab5c094995618c3f139beb9aa356f67b09e8b3a8de55134e1473da7a6
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy