warzonerat | 670a52daaf17c5925d5cb33c03e849a863f11f153d438519ec3c71083a90167b | Triage

Submit
Reports

Overview

overview

Static

static

text.exe

windows7_x64

text.exe

windows10_x64

Sharing

General

Target

text.exe
Size

1.1MB
Sample

210723-94dsyzav2n
MD5

08e321e2f7a4fceebed7d9330c7e627b
SHA1

2049c1f290d542fba9690958d97c25c0f9d2b39d
SHA256

670a52daaf17c5925d5cb33c03e849a863f11f153d438519ec3c71083a90167b
SHA512

f3ed6cf7f15f65878d547be2853376602236d4364f6d53566b8169fc05b26454c031f3b7b5630c5dd340054fdca81fe69f569aad9b1cc06cdef751f7eac3d1f1

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

text.exe

Resource

win7v20210410

warzonerat infostealer rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

text.exe

Resource

win10v20210408

warzonerat infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

5.226.138.94:6621

Targets

- Target
  
  text.exe
- Size
  
  1.1MB
- MD5
  
  08e321e2f7a4fceebed7d9330c7e627b
- SHA1
  
  2049c1f290d542fba9690958d97c25c0f9d2b39d
- SHA256
  
  670a52daaf17c5925d5cb33c03e849a863f11f153d438519ec3c71083a90167b
- SHA512
  
  f3ed6cf7f15f65878d547be2853376602236d4364f6d53566b8169fc05b26454c031f3b7b5630c5dd340054fdca81fe69f569aad9b1cc06cdef751f7eac3d1f1
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy