warzonerat | 27c7c159ac96bd76fc993fd76e2ee88106631af414a235a2a1aae1e31100af99 | Triage

Submit
Reports

Overview

overview

Static

static

034c2c4066...ed.exe

windows7_x64

034c2c4066...ed.exe

windows10_x64

Sharing

General

Target

034c2c4066cf59acc6911b2c7610aded.exe
Size

605KB
Sample

210712-a8m4z97p76
MD5

034c2c4066cf59acc6911b2c7610aded
SHA1

49dec1ddfb48686edb1d76183ba51c91cf2868e6
SHA256

27c7c159ac96bd76fc993fd76e2ee88106631af414a235a2a1aae1e31100af99
SHA512

215736e2453aacee4a85fd3191ee458b7bc77cb7d8b452d65f7d8cf7269d1d7c3e1c8395b4af9d949b5331d71082b13b1ba94c518e187a42b28649bfbdf5bea6

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

034c2c4066cf59acc6911b2c7610aded.exe

Resource

win7v20210410

warzonerat infostealer rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

034c2c4066cf59acc6911b2c7610aded.exe

Resource

win10v20210408

warzonerat infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

byx.z86.ru:5200

Targets

- Target
  
  034c2c4066cf59acc6911b2c7610aded.exe
- Size
  
  605KB
- MD5
  
  034c2c4066cf59acc6911b2c7610aded
- SHA1
  
  49dec1ddfb48686edb1d76183ba51c91cf2868e6
- SHA256
  
  27c7c159ac96bd76fc993fd76e2ee88106631af414a235a2a1aae1e31100af99
- SHA512
  
  215736e2453aacee4a85fd3191ee458b7bc77cb7d8b452d65f7d8cf7269d1d7c3e1c8395b4af9d949b5331d71082b13b1ba94c518e187a42b28649bfbdf5bea6
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy