warzonerat | 38fb16c57672bbf11231b5671407d0d0e2c5025bf4fb38cdbb9d427732748489 | Triage

Submit
Reports

Overview

overview

Static

static

CamScanner...27.exe

windows7_x64

CamScanner...27.exe

windows10_x64

Sharing

General

Target

CamScanner_PO#44070_Ref_989462 PO#55088_Ref_90411927.exe
Size

877KB
Sample

210724-rem1kj9n8n
MD5

80b19ac73aafce17ca375242ba9eb321
SHA1

9e8d0906490bfa2bf3c95241a4a190837980e9ef
SHA256

38fb16c57672bbf11231b5671407d0d0e2c5025bf4fb38cdbb9d427732748489
SHA512

26f5dadcf055cfa0092379f7291f4645b9dbec328d54fee9ba115a26f1bb91fd3d8d29cf154f48465c8e33eb02ad71344834fd46c942ca4128b227586a4c7929

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

CamScanner_PO#44070_Ref_989462 PO#55088_Ref_90411927.exe

Resource

win7v20210410

warzonerat infostealer rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

CamScanner_PO#44070_Ref_989462 PO#55088_Ref_90411927.exe

Resource

win10v20210410

warzonerat infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

pentester01.duckdns.org:23411

Targets

- Target
  
  CamScanner_PO#44070_Ref_989462 PO#55088_Ref_90411927.exe
- Size
  
  877KB
- MD5
  
  80b19ac73aafce17ca375242ba9eb321
- SHA1
  
  9e8d0906490bfa2bf3c95241a4a190837980e9ef
- SHA256
  
  38fb16c57672bbf11231b5671407d0d0e2c5025bf4fb38cdbb9d427732748489
- SHA512
  
  26f5dadcf055cfa0092379f7291f4645b9dbec328d54fee9ba115a26f1bb91fd3d8d29cf154f48465c8e33eb02ad71344834fd46c942ca4128b227586a4c7929
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy