Overview

overview

10

Static

static

03281c5b93...be.exe

windows7-x64

10

03281c5b93...be.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    03281c5b93b74f340171f8ae1268f3f6f12ef63f27a268ffdc204d8c5b6aacbe

  • Size

    2.3MB

  • Sample

    221130-pz1absbe57

  • MD5

    f7f8941fedcf1e32b8a5a42bafbe9acb

  • SHA1

    42cb7a9ce43aba5fbf770ba851aeb0ae0afc4d6b

  • SHA256

    03281c5b93b74f340171f8ae1268f3f6f12ef63f27a268ffdc204d8c5b6aacbe

  • SHA512

    24f2bce87f01f7f65d39cfd81b833ac238483b11a2e11f5116b6306988835833e075ecc77b782d34ffba5cf228aa74b9d44e37f6bec3884268465eea2501cd87

  • SSDEEP

    12288:ghuybpmkofJXiiiuuREN2BWw4vU/ReQPKS7X0TBpg0CqMDen:gTEhd6WLviF0

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

95.179.178.117:80

Targets

    • Target

      03281c5b93b74f340171f8ae1268f3f6f12ef63f27a268ffdc204d8c5b6aacbe

    • Size

      2.3MB

    • MD5

      f7f8941fedcf1e32b8a5a42bafbe9acb

    • SHA1

      42cb7a9ce43aba5fbf770ba851aeb0ae0afc4d6b

    • SHA256

      03281c5b93b74f340171f8ae1268f3f6f12ef63f27a268ffdc204d8c5b6aacbe

    • SHA512

      24f2bce87f01f7f65d39cfd81b833ac238483b11a2e11f5116b6306988835833e075ecc77b782d34ffba5cf228aa74b9d44e37f6bec3884268465eea2501cd87

    • SSDEEP

      12288:ghuybpmkofJXiiiuuREN2BWw4vU/ReQPKS7X0TBpg0CqMDen:gTEhd6WLviF0

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks