warzonerat | af96538d76a53512e82dbb6683578b7d44577307722d1c9291cf047f5f471334 | Triage

Sharing

General

Target

Statement SKBMT 01078.exe
Size

1.1MB
Sample

210723-7p4wsws3ds
MD5

2ac95d271159084b2f3f66ebe2fc1318
SHA1

70c8964080fef2993c9a3f4cb3f6f9c8a0e10f54
SHA256

af96538d76a53512e82dbb6683578b7d44577307722d1c9291cf047f5f471334
SHA512

0619dbaa146a64851bd24c7afd04bbaf2c23e002e10a9f83a306079c6edff0e876c32c60e4fc74de64b05dd74aa24b27810572b18efdc4878426a82840649105

Score

10^/10

warzonerat infostealer rat

Malware Config

Extracted

Family

warzonerat

C2

202.55.132.213:7744

Targets

- Target
  
  Statement SKBMT 01078.exe
- Size
  
  1.1MB
- MD5
  
  2ac95d271159084b2f3f66ebe2fc1318
- SHA1
  
  70c8964080fef2993c9a3f4cb3f6f9c8a0e10f54
- SHA256
  
  af96538d76a53512e82dbb6683578b7d44577307722d1c9291cf047f5f471334
- SHA512
  
  0619dbaa146a64851bd24c7afd04bbaf2c23e002e10a9f83a306079c6edff0e876c32c60e4fc74de64b05dd74aa24b27810572b18efdc4878426a82840649105
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

warzoneratinfostealerrat