warzonerat | fb350e956f191e61e1b6b973e5bdf0d1b50721aa3c18d380d62847c517b3ad29

General

Target

?? GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr
Size

705KB
MD5

1aeaa3d7660586286f1de3a8cf42b6a7
SHA1

af967f241edf3c1d966e6770e9721049b5c3d58f
SHA256

074a27ca162b894fea8bd9446e45b40e5342a07024589f3ad28e873d7fd9d8c8
SHA512

32fcc1af5b95df3f8e32109e0b7924db8527cb455e6a77b317bcb34ecdf5e429c9a42b0fdf231c6d16f7cdca6e673e69f2a9988a1fb4e21b6907612813c7daa1

Score

10^/10

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat

Suspicious use of SetThreadContext 1 IoCs

Processes:

__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr

description	pid	process	target process
PID 948 set thread context of 1724	948	__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr	__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr

pid process

948 __ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr
Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr

pid process

948 __ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr

pid	process
948	__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr

pid	process
948	__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr

description	pid	process	target process
PID 948 wrote to memory of 1724	948	__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr	__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr
PID 948 wrote to memory of 1724	948	__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr	__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr
PID 948 wrote to memory of 1724	948	__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr	__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr
PID 948 wrote to memory of 1724	948	__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr	__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr
PID 1724 wrote to memory of 1956	1724	__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr	cmd.exe
PID 1724 wrote to memory of 1956	1724	__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr	cmd.exe
PID 1724 wrote to memory of 1956	1724	__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr	cmd.exe
PID 1724 wrote to memory of 1956	1724	__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr	cmd.exe
PID 1724 wrote to memory of 1956	1724	__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr	cmd.exe
PID 1724 wrote to memory of 1956	1724	__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr	cmd.exe

C:\Users\Admin\AppData\Local\Temp\__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr
"C:\Users\Admin\AppData\Local\Temp\__ GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr" /S
2⤵
- Suspicious use of WriteProcessMemory
PID:1724

memory/948-54-0x0000000074F21000-0x0000000074F23000-memory.dmp

Filesize
8KB

Download
memory/948-56-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1724-55-0x0000000000405907-mapping.dmp

Download
memory/1956-58-0x0000000000000000-mapping.dmp

Download
memory/1956-59-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download