warzonerat | bc9f7802dd7825de6574c4eed585c53ab724a975d72b88f9871f477ea23a2716 | Triage

Submit
Reports

Overview

overview

Static

static

svchost.exe

windows7_x64

svchost.exe

windows10_x64

Sharing

General

Target

svchost.exe
Size

3.0MB
Sample

210723-qpzf7cvpz2
MD5

91f690acfa88c901361ceeb29193b957
SHA1

f65a8c9860f424598f6fe3e93ae8a05b182087f5
SHA256

bc9f7802dd7825de6574c4eed585c53ab724a975d72b88f9871f477ea23a2716
SHA512

9015d3e8e60f24e71fec3fcc37151d600adc7ac4503370efd0cba6033598cde59aecac6b9e7ba27150259ef18bd0e9bd95c625bd771130f39508880532294f96

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

svchost.exe

Resource

win7v20210410

warzonerat infostealer rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

svchost.exe

Resource

win10v20210408

warzonerat infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

111.90.149.108:5200

Targets

- Target
  
  svchost.exe
- Size
  
  3.0MB
- MD5
  
  91f690acfa88c901361ceeb29193b957
- SHA1
  
  f65a8c9860f424598f6fe3e93ae8a05b182087f5
- SHA256
  
  bc9f7802dd7825de6574c4eed585c53ab724a975d72b88f9871f477ea23a2716
- SHA512
  
  9015d3e8e60f24e71fec3fcc37151d600adc7ac4503370efd0cba6033598cde59aecac6b9e7ba27150259ef18bd0e9bd95c625bd771130f39508880532294f96
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy