warzonerat | f8b2cdc588fd66dffef96f59812bbd175481e6facb1b94aba2ccef5b241aff7a | Triage

Submit
Reports

Overview

overview

Static

static

Bank Mille...in.exe

windows7_x64

Bank Mille...in.exe

windows10_x64

1

Sharing

General

Target

Bank Millennium.bin.zip
Size

24KB
Sample

210726-lv7l3wfwq2
MD5

657eb971f9fb7bbc3a91a4b6e0a94951
SHA1

bab621f8714e09996d818cb77500e4eda77f84bb
SHA256

f8b2cdc588fd66dffef96f59812bbd175481e6facb1b94aba2ccef5b241aff7a
SHA512

4fd8dce3db7941fc2af24b5a43394e9669bd1dd36edde9834184c3c824821a397c5810b4ada1820ef3b32f38cbc5e70ceeeb06573396b6fe2f12e995423264e0

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

Bank Millennium.bin.exe

Resource

win7v20210408

warzonerat infostealer rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Bank Millennium.bin.exe

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

185.157.160.215:2211

Targets

- Target
  
  Bank Millennium.bin
- Size
  
  85KB
- MD5
  
  e9a0412da07e244d2cf47c8edbdb9f24
- SHA1
  
  8ee7fe0ce62b889237033b236a50c0c3a478e58d
- SHA256
  
  e23af5d6048c8e86e22bd7117254d7f17bc97c24fe335ea3c411367bdd9953de
- SHA512
  
  801c1446e17793d8095ebdda54e90102d734717d60866d3e2703879dc5723445808b7ce943600393ee6d5cbdb8718776edeed1cff5d2bb15e8da1a748d117944
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

© 2018-2024

Terms | Privacy