warzonerat | 86cb4f209e01280e5e290d87427a19a09d77e28a42c08f805d2443f17db26706 | Triage

Submit
Reports

Overview

overview

Static

static

PO_00130721.xlsx

windows7_x64

Sharing

General

Target

PO_00130721.xlsx
Size

674KB
Sample

210713-9hfz3natne
MD5

a0287f52a42bec7b8756fef7fdb37be5
SHA1

788f23cba38a6780a1bb0f26f7eedeebfcdff089
SHA256

86cb4f209e01280e5e290d87427a19a09d77e28a42c08f805d2443f17db26706
SHA512

9d0afe0e3fd5a01871794fb4b42a7be4e624997dccf980785600c00ada0e762291dee991d66ac6ae9dc82eeb66cf2c57df424d38447d82c8f7aa551ba609baa8

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

PO_00130721.xlsx

Resource

win7v20210410

warzonerat infostealer rat

windows7_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

taker1234.hopto.org:5032

Targets

- Target
  
  PO_00130721.xlsx
- Size
  
  674KB
- MD5
  
  a0287f52a42bec7b8756fef7fdb37be5
- SHA1
  
  788f23cba38a6780a1bb0f26f7eedeebfcdff089
- SHA256
  
  86cb4f209e01280e5e290d87427a19a09d77e28a42c08f805d2443f17db26706
- SHA512
  
  9d0afe0e3fd5a01871794fb4b42a7be4e624997dccf980785600c00ada0e762291dee991d66ac6ae9dc82eeb66cf2c57df424d38447d82c8f7aa551ba609baa8
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy