General
-
Target
6bc7a73b311d855aa5ccbb642a674854.exe
-
Size
113KB
-
Sample
221130-j55jcafb8t
-
MD5
6bc7a73b311d855aa5ccbb642a674854
-
SHA1
96e2d8d56ca92ac126241efdee5c34a2b2c008d2
-
SHA256
a71b96d3414fc0bd86d7701a20fd3f853e70597888a3f0fc0944ba2bd8efea09
-
SHA512
5e4327bcc73c252734505e835be6b507773d46e15e3b59def2579430cc03bdce7535949bf81cfe70d817487c30d61ef25a713517f0f125d9028d01e2bd16ef89
-
SSDEEP
1536:h0jP7/L1B5rVmN8sxHv2M28ix8EUaJxWFB4u0OVE01:K1VmhaH8EFvWF0OVE0
Malware Config
Extracted
warzonerat
79.134.225.118:1604
Targets
-
-
Target
6bc7a73b311d855aa5ccbb642a674854.exe
-
Size
113KB
-
MD5
6bc7a73b311d855aa5ccbb642a674854
-
SHA1
96e2d8d56ca92ac126241efdee5c34a2b2c008d2
-
SHA256
a71b96d3414fc0bd86d7701a20fd3f853e70597888a3f0fc0944ba2bd8efea09
-
SHA512
5e4327bcc73c252734505e835be6b507773d46e15e3b59def2579430cc03bdce7535949bf81cfe70d817487c30d61ef25a713517f0f125d9028d01e2bd16ef89
-
SSDEEP
1536:h0jP7/L1B5rVmN8sxHv2M28ix8EUaJxWFB4u0OVE01:K1VmhaH8EFvWF0OVE0
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-