warzonerat | 50757b77a949ddcf92e70cb861329bfe1657d5c25f1d287756a5eb181fc127d4 | Triage

Submit
Reports

Overview

overview

Static

static

FAKTURA.exe

windows7-x64

FAKTURA.exe

windows10-2004-x64

Sharing

General

Target

FAKTURA.exe
Size

81KB
Sample

221003-le461ahdbk
MD5

190fc47ddc0eac2738f89a6878bc73ad
SHA1

7ad43030bcadc2a6a1205522252fa33f6ed22dff
SHA256

50757b77a949ddcf92e70cb861329bfe1657d5c25f1d287756a5eb181fc127d4
SHA512

a66038ab681ac1a0cc795c102d39e1f5799c1c506f7dea948a0079e2c6fbce1590ce78782e209acc836dae1744ac985e494ff11280f2f04304ba6732fb5c2d7a
SSDEEP

1536:rqBz4UVUa/CIRV5hcCSJ+rWqIDJ9zJJQUvJPO:rqB4Ba/CGuCSJ+rWqIDDJi6s

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

FAKTURA.exe

Resource

win7-20220812-en

warzonerat infostealer rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

FAKTURA.exe

Resource

win10v2004-20220812-en

warzonerat infostealer rat

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

ekuroekuro.duckdns.org:5200

Targets

- Target
  
  FAKTURA.exe
- Size
  
  81KB
- MD5
  
  190fc47ddc0eac2738f89a6878bc73ad
- SHA1
  
  7ad43030bcadc2a6a1205522252fa33f6ed22dff
- SHA256
  
  50757b77a949ddcf92e70cb861329bfe1657d5c25f1d287756a5eb181fc127d4
- SHA512
  
  a66038ab681ac1a0cc795c102d39e1f5799c1c506f7dea948a0079e2c6fbce1590ce78782e209acc836dae1744ac985e494ff11280f2f04304ba6732fb5c2d7a
- SSDEEP
  
  1536:rqBz4UVUa/CIRV5hcCSJ+rWqIDJ9zJJQUvJPO:rqB4Ba/CGuCSJ+rWqIDDJi6s
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy