warzonerat | aae4755bbcb113d841a8d12c5f1c1523f193c6f6db23598f49cf2a1c9a4b8cd4 | Triage

Sharing

General

Target

Order#7631298.slip..xls...exe
Size

543KB
Sample

211028-fkpqlshbh7
MD5

9cb16b19535f9fa43ba9398c4390889e
SHA1

d8d8f8be6a0bb8343330d108d6c7467f4f0082fd
SHA256

aae4755bbcb113d841a8d12c5f1c1523f193c6f6db23598f49cf2a1c9a4b8cd4
SHA512

44f1df322013586b328ce12bd7e29cbd8e88fa8a783830947b154a747cc66cb367391fc6edfb72346371108c0b91f15850b7367f79ed610178d4ec737bcd6336

Score

10^/10

warzonerat infostealer rat

Malware Config

Extracted

Family

warzonerat

C2

185.222.57.242:1004

Targets

- Target
  
  Order#7631298.slip..xls...exe
- Size
  
  543KB
- MD5
  
  9cb16b19535f9fa43ba9398c4390889e
- SHA1
  
  d8d8f8be6a0bb8343330d108d6c7467f4f0082fd
- SHA256
  
  aae4755bbcb113d841a8d12c5f1c1523f193c6f6db23598f49cf2a1c9a4b8cd4
- SHA512
  
  44f1df322013586b328ce12bd7e29cbd8e88fa8a783830947b154a747cc66cb367391fc6edfb72346371108c0b91f15850b7367f79ed610178d4ec737bcd6336
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

warzoneratinfostealerrat