warzonerat | cf7121280fc47f569af78084d7eced02fc6e2967964d09f4b6dc83f5829be15c | Triage

Submit
Reports

Overview

overview

Static

static

DHL_EXPRES...16.exe

windows7_x64

DHL_EXPRES...16.exe

windows10_x64

Sharing

General

Target

DHL_EXPRES_INFORMATION-0100032021-0241429142009616.exe
Size

516KB
Sample

211004-fyq6lagaar
MD5

744d8cfe9741f30e34fd8c8d702bf641
SHA1

2f152b054393fdaaa05de6335ba12c3cb642a502
SHA256

cf7121280fc47f569af78084d7eced02fc6e2967964d09f4b6dc83f5829be15c
SHA512

3864735b900f33cd9c241d7fb1d9bf06d5d17d93c07f9964266bd51c4cc463dc9cbb06b930b3d05664d3402b944270ecdbc68af07abf871d47baedd874161619

Score

10^/10

warzonerat infostealer rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

DHL_EXPRES_INFORMATION-0100032021-0241429142009616.exe

Resource

win7v20210408

warzonerat infostealer rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DHL_EXPRES_INFORMATION-0100032021-0241429142009616.exe

Resource

win10-en-20210920

warzonerat infostealer rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

185.19.85.154:9971

Targets

- Target
  
  DHL_EXPRES_INFORMATION-0100032021-0241429142009616.exe
- Size
  
  516KB
- MD5
  
  744d8cfe9741f30e34fd8c8d702bf641
- SHA1
  
  2f152b054393fdaaa05de6335ba12c3cb642a502
- SHA256
  
  cf7121280fc47f569af78084d7eced02fc6e2967964d09f4b6dc83f5829be15c
- SHA512
  
  3864735b900f33cd9c241d7fb1d9bf06d5d17d93c07f9964266bd51c4cc463dc9cbb06b930b3d05664d3402b944270ecdbc68af07abf871d47baedd874161619
Score

10^/10

warzonerat infostealer rat spyware stealer
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerratspywarestealer

behavioral2

warzoneratinfostealerratspywarestealer

© 2018-2024

Terms | Privacy