warzonerat | acc8d7fcd58098b4baabe139fc928b4845e1ceedad4bb646be8062549d545f58 | Triage

Sharing

General

Target

ACC8D7FCD58098B4BAABE139FC928B4845E1CEEDAD4BB646BE8062549D545F58
Size

199KB
Sample

221123-r2y66aac26
MD5

d0460acb63cc3d618443d8b568b9d06e
SHA1

25f0d1ed9f493df683b4c55388381914428be3e1
SHA256

acc8d7fcd58098b4baabe139fc928b4845e1ceedad4bb646be8062549d545f58
SHA512

6ed2c1d575f352427717cc1c00ae9f2aa9159c3ba6ec4e5e81384d5b2e19e1b36336894107d23448460f19f54816c5ac897edd78401cabc3d591718568b0b859
SSDEEP

6144:sQ0ejyuloFWewoIxbDP6EG53QKlfK+RaROdwpS9bhZ3:s4oFjwHPP67gKlfK+wVc9bD

Score

10^/10

warzonerat infostealer rat

Malware Config

Extracted

Family

warzonerat

C2

charlesdnsoh.duckdns.org:77

Targets

- Target
  
  SOA72736467388453latest.exe
- Size
  
  261KB
- MD5
  
  676cf08fb03d8a9ffcf5ab5d36447c15
- SHA1
  
  d5affa18c7ec3b13bc91f103d08e9b779ccd5560
- SHA256
  
  5b3b7ebe915f592364c520775e220965c95bdb9dee6160de07993866645c0dea
- SHA512
  
  05c458b547d715ae0ca5d9d4a7c55b699b35b087a28584deb9f7720f8ed70b464690749c6e60a6f64f4d348f7c5f36837baac29ee7c1c76543972ff155d1e5e1
- SSDEEP
  
  6144:NBHhJHDyzWdMSHDPUEPFWjlxUTm7LcTbTeEZFH0pviB9jV5QR:NJhNdMS1Ajlaq7LcHT9qsB
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat