warzonerat | 891ec551723db54320278c70e3bb92c573aed9144e9c4b3b0250ed0a5af3d962 | Triage

Submit
Reports

Overview

overview

Static

static

trialerror.exe

windows7_x64

trialerror.exe

windows10_x64

Sharing

General

Target

trialerror.exe
Size

382KB
Sample

211028-mq2qpacbe7
MD5

20d8aa33ef434402409f324347a0ec7d
SHA1

c0229260f9d86f9d84f03e157292151c7291c9cf
SHA256

891ec551723db54320278c70e3bb92c573aed9144e9c4b3b0250ed0a5af3d962
SHA512

f95c0fdd1284f9810e7140d1207ef86643ff447855e497b2023ddc066235ff19561406aa9d4a6c13f41496d5ff31e1c6b11773a676469d42c245a2b7ce472bae

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

trialerror.exe

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

trialerror.exe

Resource

win10-en-20210920

warzonerat infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

85.17.126.20:5200

Targets

- Target
  
  trialerror.exe
- Size
  
  382KB
- MD5
  
  20d8aa33ef434402409f324347a0ec7d
- SHA1
  
  c0229260f9d86f9d84f03e157292151c7291c9cf
- SHA256
  
  891ec551723db54320278c70e3bb92c573aed9144e9c4b3b0250ed0a5af3d962
- SHA512
  
  f95c0fdd1284f9810e7140d1207ef86643ff447855e497b2023ddc066235ff19561406aa9d4a6c13f41496d5ff31e1c6b11773a676469d42c245a2b7ce472bae
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Nirsoft
- Warzone RAT Payload
  rat
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy