warzonerat | 925206ecf4ece942fa0ee18d8f6100cf4d90790cdf60946f342ad56d9db3848d | Triage

Submit
Reports

Overview

overview

Static

static

decoded-2.exe

windows7-x64

decoded-2.exe

windows10-1703-x64

Analysis

max time kernel
288s
max time network
305s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 17:03

Sharing

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

decoded-2.exe

Resource

win7-20220812-en

warzonerat infostealer rat

windows7-x64

1 signatures

300 seconds

Behavioral task

behavioral2

Sample

decoded-2.exe

Resource

win10-20220901-en

warzonerat infostealer rat

windows10-1703-x64

1 signatures

300 seconds

Report Analysis Logs

General

Target

decoded-2.exe
Size

189KB
MD5

9b04d1482c7baa98d89e2d30d17172b5
SHA1

71679524e9e32b5ff5ad6a8d0476aad284a846f1
SHA256

925206ecf4ece942fa0ee18d8f6100cf4d90790cdf60946f342ad56d9db3848d
SHA512

263a9ccd51e4f273c37b0c982d4fc1a652c0e3f9ad8f13709d4d049601b30451fcfc77bf91afd26e7d8eb6edf581ac0c19afdef6bc85ebf7187ef145b56d1495
SSDEEP

3072:WzPtbXqn6aR97tie5Niae2vl23G3Fzyffz8LTDhY:Wz1bXq6aR97ViJ2vlz9yffz8LTi

Score

10^/10

warzonerat infostealer rat

Malware Config

Signatures

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat

Processes

C:\Users\Admin\AppData\Local\Temp\decoded-2.exe
"C:\Users\Admin\AppData\Local\Temp\decoded-2.exe"
1⤵
PID:1096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1096-54-0x00000000768A1000-0x00000000768A3000-memory.dmp

Filesize
8KB

Download

© 2018-2024

Terms | Privacy