Overview

overview

10

Static

static

586d4b5734...38.exe

windows7-x64

10

586d4b5734...38.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    586d4b57347211b4f9e6548478039e38.exe

  • Size

    292KB

  • Sample

    221118-2hnanafa7w

  • MD5

    586d4b57347211b4f9e6548478039e38

  • SHA1

    1a32e21e3a4e855ce7e1476b4d17be44d3631bbd

  • SHA256

    9b586267df3982790217e4656bb750ed72b54704e96eaebeca194bbed21ea2aa

  • SHA512

    ee360d2bb596adbaac98e1cfe04fd20a50b1070c29041bae48f8e43bfdbab2dd27bf269a1a846b9bf1167afcba3952afc7bbeb322348503ea1ed01d02ed75476

  • SSDEEP

    6144:YMWbrbYq1cxsv3am22UlGHUSwgFJWgg2a8/JMh:fWPEqd3alGHjLoR2d

Score
10/10
warzoneratinfostealerrat

Malware Config

Targets

    • Target

      586d4b57347211b4f9e6548478039e38.exe

    • Size

      292KB

    • MD5

      586d4b57347211b4f9e6548478039e38

    • SHA1

      1a32e21e3a4e855ce7e1476b4d17be44d3631bbd

    • SHA256

      9b586267df3982790217e4656bb750ed72b54704e96eaebeca194bbed21ea2aa

    • SHA512

      ee360d2bb596adbaac98e1cfe04fd20a50b1070c29041bae48f8e43bfdbab2dd27bf269a1a846b9bf1167afcba3952afc7bbeb322348503ea1ed01d02ed75476

    • SSDEEP

      6144:YMWbrbYq1cxsv3am22UlGHUSwgFJWgg2a8/JMh:fWPEqd3alGHjLoR2d

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT payload

      rat

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks