warzonerat | c877097a2a3852b34c2ee4b0c7b2f5c7a3dc5313570e0680e04adea7e44201ef | Triage

Sharing

General

Target

fa1e0286fe931a971f5165990a8d6b00
Size

735KB
Sample

210710-k3p8mq6xla
MD5

fa1e0286fe931a971f5165990a8d6b00
SHA1

edb4a1e8019a2fa424b4907e3f52fa9184d3ea46
SHA256

c877097a2a3852b34c2ee4b0c7b2f5c7a3dc5313570e0680e04adea7e44201ef
SHA512

0ebcc51cf20aa91fca1a157ab1a29ee9202e1ac24325b5d8887f2a44c4f259a8521318c48ad29087f2ddd658d01c7ccd5b580d8151ff108dafa1057e5e1defa0

Score

10^/10

warzonerat infostealer rat spyware stealer

Malware Config

Extracted

Family

warzonerat

C2

byx.z86.ru:5200

Targets

- Target
  
  fa1e0286fe931a971f5165990a8d6b00
- Size
  
  735KB
- MD5
  
  fa1e0286fe931a971f5165990a8d6b00
- SHA1
  
  edb4a1e8019a2fa424b4907e3f52fa9184d3ea46
- SHA256
  
  c877097a2a3852b34c2ee4b0c7b2f5c7a3dc5313570e0680e04adea7e44201ef
- SHA512
  
  0ebcc51cf20aa91fca1a157ab1a29ee9202e1ac24325b5d8887f2a44c4f259a8521318c48ad29087f2ddd658d01c7ccd5b580d8151ff108dafa1057e5e1defa0
Score

10^/10

warzonerat infostealer rat spyware stealer
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerratspywarestealer