warzonerat | d1ce6205e2058fc13f81a5c14ebcbe2265228be3948aa0545c974335e8561b0b | Triage

Submit
Reports

Overview

overview

Static

static

RE URGENT...EN.exe

windows7_x64

RE URGENT...EN.exe

windows10_x64

Sharing

General

Target

RE URGENT!!! 2 x 20ft - SHIPPING DOC BL,SI,INV#462345 MAERSK KLEVEN.rar
Size

1021KB
Sample

211014-bz272afeg3
MD5

7fa3bf29d58333c62fc36bc2ab0fdadf
SHA1

2d0d8c185e4ad383c3f9b4e4be9c541385cda01f
SHA256

d1ce6205e2058fc13f81a5c14ebcbe2265228be3948aa0545c974335e8561b0b
SHA512

dd4d1c99abb4bcbdb4ebcf6c7ed657b34abf95539fb4a6eca2e97e03e79d150e55d104fddb5b8ce1d58c49c00e70f565bd0b3de844ef88b7d2a3c4e04dbe74e0

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

RE URGENT!!! 2 x 20ft - SHIPPING DOC BL,SI,INV#462345 MAERSK KLEVEN.exe

Resource

win7-en-20210920

warzonerat infostealer rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RE URGENT!!! 2 x 20ft - SHIPPING DOC BL,SI,INV#462345 MAERSK KLEVEN.exe

Resource

win10v20210408

warzonerat infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

bestsuccess.ddns.net:2442

Targets

- Target
  
  RE URGENT!!! 2 x 20ft - SHIPPING DOC BL,SI,INV#462345 MAERSK KLEVEN.exe
- Size
  
  991KB
- MD5
  
  afecebe5a5e2394aef67af6eded00288
- SHA1
  
  446d8e6f515a82457214ea50b4f897684218fbce
- SHA256
  
  798afa1c705601611bc76eb9420d00072c5c5a7f42f410d11876b772ce71839e
- SHA512
  
  d7a59556a47efa0e1a16fb48a4d3581dbbddb35ba3ac2e950c6da8cb6292c1dc9840a1b773ab203814d0dba2009d61565a7908ffb68a97323ff99b1f5a15e7e7
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy