General
Target: 5db3ab9ce1ab8ce083460fedf3c26145.exe
Size: 132KB
Sample: 220930-yd3m1afedp
MD5: 5db3ab9ce1ab8ce083460fedf3c26145
SHA1: 3d39b44bba0bc9bed6be891b5d6cd0e66b430e4b
SHA256: f712d6a7c1b8cd50ab3ae92115b3ef771a32e4e2663b2d0d75fda65512fec088
SHA512: 30bc848066f8688c3fad9bae176891285b52a50f33736429b577e026a2aa09a4406713c18aacee377c49f45311b4955c00409078259da8cd4adf73aa85a34696
SSDEEP: 3072:K7W9jps0Tx4azG6GweOTir5axbjNCz45LT7a:KwpsERzGKurEXCzeLT7a
Behavioral task: behavioral1
Sample: 5db3ab9ce1ab8ce083460fedf3c26145.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 5db3ab9ce1ab8ce083460fedf3c26145.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
warzonerat
151.106.19.203:5204
Targets
Target: 5db3ab9ce1ab8ce083460fedf3c26145.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Loads dropped DLL
Accesses Microsoft Outlook profiles