warzonerat | 672ae14fc78158bc3a5b44c20488600a02e54a9d9231420a343885ab7e1c8f4f | Triage

Submit
Reports

Overview

overview

Static

static

4SgcpBifNVPbGl6.exe

windows7_x64

4SgcpBifNVPbGl6.exe

windows10_x64

Sharing

General

Target

4SgcpBifNVPbGl6.exe
Size

966KB
Sample

220321-tythlsdbc2
MD5

fbe792df5474f73a0b287a21ae093337
SHA1

9b9f41e121439f09ceef0d6e8d640f63a2433606
SHA256

672ae14fc78158bc3a5b44c20488600a02e54a9d9231420a343885ab7e1c8f4f
SHA512

7bb9527211da305efaecd75f02dad41e6c8daffc4b94d09c6af85ab03bc0d4af76dc8ef7383637f534468d32ce06e17893757d7c1ffacbaf4b43787bc450703f

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

4SgcpBifNVPbGl6.exe

Resource

win7-20220310-en

warzonerat infostealer rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4SgcpBifNVPbGl6.exe

Resource

win10-20220310-en

warzonerat infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

103.125.189.167:1998

Targets

- Target
  
  4SgcpBifNVPbGl6.exe
- Size
  
  966KB
- MD5
  
  fbe792df5474f73a0b287a21ae093337
- SHA1
  
  9b9f41e121439f09ceef0d6e8d640f63a2433606
- SHA256
  
  672ae14fc78158bc3a5b44c20488600a02e54a9d9231420a343885ab7e1c8f4f
- SHA512
  
  7bb9527211da305efaecd75f02dad41e6c8daffc4b94d09c6af85ab03bc0d4af76dc8ef7383637f534468d32ce06e17893757d7c1ffacbaf4b43787bc450703f
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy