warzonerat | 932d5ef35aaa8c8c802fa14326ca63e80f3cf2bb7c1a40d52d343f2fc63efc44 | Triage

Submit
Reports

Overview

overview

Static

static

Naujas už...41.exe

windows7_x64

Naujas už...41.exe

windows10_x64

Sharing

General

Target

Naujas užsakymas. 141.exe
Size

1.9MB
Sample

211005-va4t4saba9
MD5

24273d15847409151e621949d6d1f45c
SHA1

c1f4fa43e048a44b8b3d48858f8662589e4ea9cf
SHA256

932d5ef35aaa8c8c802fa14326ca63e80f3cf2bb7c1a40d52d343f2fc63efc44
SHA512

d2ccb22384690e73e900efb1c3faeead7c5d4bf5d334fb53c9a3c4c0bf48cdb26f27e1f9a1835c6cfca0939e4f8b32e042a65edce60c6c8ec4d593e374979662

Score

10^/10

warzonerat infostealer persistence rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Naujas užsakymas. 141.exe

Resource

win7v20210408

warzonerat infostealer persistence rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Naujas užsakymas. 141.exe

Resource

win10-en-20210920

warzonerat infostealer persistence rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

91.193.75.173:6667

Targets

- Target
  
  Naujas užsakymas. 141.exe
- Size
  
  1.9MB
- MD5
  
  24273d15847409151e621949d6d1f45c
- SHA1
  
  c1f4fa43e048a44b8b3d48858f8662589e4ea9cf
- SHA256
  
  932d5ef35aaa8c8c802fa14326ca63e80f3cf2bb7c1a40d52d343f2fc63efc44
- SHA512
  
  d2ccb22384690e73e900efb1c3faeead7c5d4bf5d334fb53c9a3c4c0bf48cdb26f27e1f9a1835c6cfca0939e4f8b32e042a65edce60c6c8ec4d593e374979662
Score

10^/10

warzonerat infostealer persistence rat spyware stealer
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistenceratspywarestealer

behavioral2

warzoneratinfostealerpersistenceratspywarestealer

© 2018-2024

Terms | Privacy