warzonerat | ac9a96be003388d497db4755c9ca68a2725c901fdec82b942b4fb84683490b01 | Triage

Submit
Reports

Overview

overview

Static

static

TOA Vietna...21.exe

windows7_x64

3

TOA Vietna...21.exe

windows10_x64

Sharing

General

Target

TOA Vietnam Co., Ltd - Inquiry Note from 26.07.2021.exe
Size

1.4MB
Sample

210726-fxf94pcqca
MD5

219ba6bac5cb35641e76ffdee2f97fbc
SHA1

4eb1887fc7de7552c674c5501de8776c5175de3f
SHA256

ac9a96be003388d497db4755c9ca68a2725c901fdec82b942b4fb84683490b01
SHA512

fff2cef9f701e5f1fa50e93e05bc13c13313815b151e9e31ff719d5b13a20d7437544efe001ad4a6745532c408e3adb42e512aaae4858d35e6bc9f18b864a9f3

Score

10^/10

warzonerat infostealer rat spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

TOA Vietnam Co., Ltd - Inquiry Note from 26.07.2021.exe

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

TOA Vietnam Co., Ltd - Inquiry Note from 26.07.2021.exe

Resource

win10v20210408

warzonerat infostealer rat spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

185.222.57.73:4557

Targets

- Target
  
  TOA Vietnam Co., Ltd - Inquiry Note from 26.07.2021.exe
- Size
  
  1.4MB
- MD5
  
  219ba6bac5cb35641e76ffdee2f97fbc
- SHA1
  
  4eb1887fc7de7552c674c5501de8776c5175de3f
- SHA256
  
  ac9a96be003388d497db4755c9ca68a2725c901fdec82b942b4fb84683490b01
- SHA512
  
  fff2cef9f701e5f1fa50e93e05bc13c13313815b151e9e31ff719d5b13a20d7437544efe001ad4a6745532c408e3adb42e512aaae4858d35e6bc9f18b864a9f3
Score

10^/10

warzonerat infostealer rat spyware stealer suricata
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
  suricata
- Warzone RAT Payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

warzoneratinfostealerratspywarestealersuricata

© 2018-2024

Terms | Privacy