warzonerat | 16b057b04ed9bbf2c4d3b60aeb2fc3bba51d0dc5d718aee152e8cbd41a76de29 | Triage

Submit
Reports

Overview

overview

Static

static

Technical sheet.rtf

windows7-x64

Technical sheet.rtf

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

Technical sheet.doc
Size

216KB
Sample

220922-h2banaadf2
MD5

efc5bfa2270790827e34c1aefc4e3693
SHA1

617dbe5c615bf5fdb70f9a4cddec3703252be28a
SHA256

16b057b04ed9bbf2c4d3b60aeb2fc3bba51d0dc5d718aee152e8cbd41a76de29
SHA512

e4c98d13ae1b937cad9a667b9c981a1271011f4d0471e290709e56e473cb2194d1b6e96cb63a9573c2ab555f36ee1a88b94512f212caeaf2e60b123bb6b78180
SSDEEP

1536:9i7ENH5B8eHZbv7bpKsYoItS3xPWpjz+EEFZVzFz76mAg5eeVhMDw5wfLP:9LtRVzFtr5RDAw5wfz

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

Technical sheet.rtf

Resource

win7-20220812-en

warzonerat infostealer rat

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

Technical sheet.rtf

Resource

win10v2004-20220812-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://185.230.162.87/news/Helppane.exe

Extracted

Family

warzonerat

C2

20.126.95.155:7800

Targets

- Target
  
  Technical sheet.doc
- Size
  
  216KB
- MD5
  
  efc5bfa2270790827e34c1aefc4e3693
- SHA1
  
  617dbe5c615bf5fdb70f9a4cddec3703252be28a
- SHA256
  
  16b057b04ed9bbf2c4d3b60aeb2fc3bba51d0dc5d718aee152e8cbd41a76de29
- SHA512
  
  e4c98d13ae1b937cad9a667b9c981a1271011f4d0471e290709e56e473cb2194d1b6e96cb63a9573c2ab555f36ee1a88b94512f212caeaf2e60b123bb6b78180
- SSDEEP
  
  1536:9i7ENH5B8eHZbv7bpKsYoItS3xPWpjz+EEFZVzFz76mAg5eeVhMDw5wfLP:9LtRVzFtr5RDAw5wfz
Score

10^/10

warzonerat infostealer rat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

© 2018-2025

Terms | Privacy