warzonerat | 2d1e7b0b691c806b94f685f348dbe5bb4857edf0408f363314fe97535f4723a1 | Triage

Sharing

General

Target

03c3dcb65eac90148838972f83b3d127.exe
Size

856KB
Sample

210719-je73zfckt2
MD5

03c3dcb65eac90148838972f83b3d127
SHA1

3444fa4d8a0109e4ed791af052b237f1c3c7e88d
SHA256

2d1e7b0b691c806b94f685f348dbe5bb4857edf0408f363314fe97535f4723a1
SHA512

ba902e3ea4efff9b1f37d8bfc37286b64390f98b0a5158c3e2e6510f6dd0fcda74be53598a8385425efe6503e9d7bb139e523c73e1b36846115edebe59188619

Score

10^/10

warzonerat infostealer rat spyware stealer

Malware Config

Extracted

Family

warzonerat

C2

byx.z86.ru:5200

Targets

- Target
  
  03c3dcb65eac90148838972f83b3d127.exe
- Size
  
  856KB
- MD5
  
  03c3dcb65eac90148838972f83b3d127
- SHA1
  
  3444fa4d8a0109e4ed791af052b237f1c3c7e88d
- SHA256
  
  2d1e7b0b691c806b94f685f348dbe5bb4857edf0408f363314fe97535f4723a1
- SHA512
  
  ba902e3ea4efff9b1f37d8bfc37286b64390f98b0a5158c3e2e6510f6dd0fcda74be53598a8385425efe6503e9d7bb139e523c73e1b36846115edebe59188619
Score

10^/10

warzonerat infostealer rat spyware stealer
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerratspywarestealer

behavioral2

warzoneratinfostealerratspywarestealer