warzonerat | 99371e32494bfb38d63bb427cb5f868bbfb1d342e030d3a04ef3b3651eaf8500

General

Target

1106d5f8e093af4ef06b0297fbd31f64.exe
Size

312KB
Sample

221121-3sab8abh34
MD5

1106d5f8e093af4ef06b0297fbd31f64
SHA1

bda37d2687bfd83b3d0b82372e426482676084a7
SHA256

99371e32494bfb38d63bb427cb5f868bbfb1d342e030d3a04ef3b3651eaf8500
SHA512

941ad648289d42f218bc005f400ca251e69b332316c5e1fd833711f2c65a920a0d217ca38d8984fa0c3d3d4112dd49b9bd329926c9e59f08ef368fa5082a8fd9
SSDEEP

3072:WGJSq+ytGIon9KcdNPMKCrG0OQsq6YZon2JjR1Fu89WrvHxAKiOJGp+7Z:9Ea0RU/rGDHpYa2lrFvCRAnOJdZ

Score

10^/10

Malware Config

Extracted

Family

warzonerat

C2

161.129.44.221:9999

Targets

- Target
  
  1106d5f8e093af4ef06b0297fbd31f64.exe
- Size
  
  312KB
- MD5
  
  1106d5f8e093af4ef06b0297fbd31f64
- SHA1
  
  bda37d2687bfd83b3d0b82372e426482676084a7
- SHA256
  
  99371e32494bfb38d63bb427cb5f868bbfb1d342e030d3a04ef3b3651eaf8500
- SHA512
  
  941ad648289d42f218bc005f400ca251e69b332316c5e1fd833711f2c65a920a0d217ca38d8984fa0c3d3d4112dd49b9bd329926c9e59f08ef368fa5082a8fd9
- SSDEEP
  
  3072:WGJSq+ytGIon9KcdNPMKCrG0OQsq6YZon2JjR1Fu89WrvHxAKiOJGp+7Z:9Ea0RU/rGDHpYa2lrFvCRAnOJdZ
Score

10^/10

warzonerat collection infostealer rat spyware stealer
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

WarzoneRat, AveMaria

Warzone RAT payload

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2