warzonerat | 0f3d2d1c663f1e9933c65c73ea89458b895e0bb29e8b10fbd8e99a18379fa2df | Triage

Sharing

General

Target

548a3af7618d0bb437996d197d02871f.exe
Size

189KB
Sample

221122-njt8pseg5x
MD5

548a3af7618d0bb437996d197d02871f
SHA1

7ae3ddb651722e9d60ab785520971f31ff3521fc
SHA256

0f3d2d1c663f1e9933c65c73ea89458b895e0bb29e8b10fbd8e99a18379fa2df
SHA512

f898aba98e9fc1934b16cf78dffd2669719157bd22c9febbc38eaef55bfa6981986ef95e1e86912fbca8a7b894ca58aa63a9f8553a2850c32eec7358a39d60f1
SSDEEP

3072:WzPtbXqn6aR97tie5Niae2vl23G3Fzyjfz8LTD1:Wz1bXq6aR97ViJ2vlz9yjfz8LT

Score

10^/10

warzonerat collection infostealer rat spyware stealer

Malware Config

Targets

- Target
  
  548a3af7618d0bb437996d197d02871f.exe
- Size
  
  189KB
- MD5
  
  548a3af7618d0bb437996d197d02871f
- SHA1
  
  7ae3ddb651722e9d60ab785520971f31ff3521fc
- SHA256
  
  0f3d2d1c663f1e9933c65c73ea89458b895e0bb29e8b10fbd8e99a18379fa2df
- SHA512
  
  f898aba98e9fc1934b16cf78dffd2669719157bd22c9febbc38eaef55bfa6981986ef95e1e86912fbca8a7b894ca58aa63a9f8553a2850c32eec7358a39d60f1
- SSDEEP
  
  3072:WzPtbXqn6aR97tie5Niae2vl23G3Fzyjfz8LTD1:Wz1bXq6aR97ViJ2vlz9yjfz8LT
Score

10^/10

warzonerat collection infostealer rat spyware stealer
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratcollectioninfostealerratspywarestealer

behavioral2

warzoneratinfostealerrat