warzonerat | 344411537546f4601fe7f667f8cd82cb0aa92da98581ea055b66d49ed16ebd89 | Triage

Submit
Reports

Overview

overview

Static

static

New Order_...iK.exe

windows7_x64

New Order_...iK.exe

windows10_x64

Sharing

General

Target

New Order_R43YZIr0C8E62iK.exe
Size

291KB
Sample

210713-6sv64lh6ea
MD5

c2defdcd91b04ece9e34bee77d0f5adc
SHA1

14b0616035e2fef2c4dc9ab4ba9b5f23b159c361
SHA256

344411537546f4601fe7f667f8cd82cb0aa92da98581ea055b66d49ed16ebd89
SHA512

41665255975bf4a392f50455b7640e77e42ee1aa505a60fa4d5b620d9ce4193832362d6159193319a0029109f6602b0ef7f78fbf20de667f773efd67b5e08c25

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

New Order_R43YZIr0C8E62iK.exe

Resource

win7v20210408

warzonerat infostealer rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

New Order_R43YZIr0C8E62iK.exe

Resource

win10v20210410

warzonerat infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

185.105.236.179:1975

Targets

- Target
  
  New Order_R43YZIr0C8E62iK.exe
- Size
  
  291KB
- MD5
  
  c2defdcd91b04ece9e34bee77d0f5adc
- SHA1
  
  14b0616035e2fef2c4dc9ab4ba9b5f23b159c361
- SHA256
  
  344411537546f4601fe7f667f8cd82cb0aa92da98581ea055b66d49ed16ebd89
- SHA512
  
  41665255975bf4a392f50455b7640e77e42ee1aa505a60fa4d5b620d9ce4193832362d6159193319a0029109f6602b0ef7f78fbf20de667f773efd67b5e08c25
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy