Overview

overview

10

Static

static

File2289.exe

windows7_x64

10

File2289.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    File2289.exe

  • Size

    734KB

  • Sample

    220311-rz1bfachdk

  • MD5

    81e2134ec12d6342cf59df927e4352d8

  • SHA1

    5c798138ebbdb723a7db9f7cf7d3a3b7cdba9515

  • SHA256

    524898ddc5d913718bd872b30e7bfa2eadd322952f6f26f1c671a9271d57456b

  • SHA512

    3d762d4ac94425d972e45de67aaea0b835393fc43229853484e8065f068dc4963e08b780686a09dcbaf06fa3d3e99880b2ccb43b5f7b89dde4104e4c69ec0db8

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

84.38.132.36:5200

Targets

    • Target

      File2289.exe

    • Size

      734KB

    • MD5

      81e2134ec12d6342cf59df927e4352d8

    • SHA1

      5c798138ebbdb723a7db9f7cf7d3a3b7cdba9515

    • SHA256

      524898ddc5d913718bd872b30e7bfa2eadd322952f6f26f1c671a9271d57456b

    • SHA512

      3d762d4ac94425d972e45de67aaea0b835393fc43229853484e8065f068dc4963e08b780686a09dcbaf06fa3d3e99880b2ccb43b5f7b89dde4104e4c69ec0db8

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • .NET Reactor proctector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Warzone RAT Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks