warzonerat | 66bfee7c40de7f8f6e9d20b337fc22d9eec1a5a1764d3b29c26639ebdeeddc71 | Triage

Submit
Reports

Overview

overview

Static

static

Kopija pri...df.exe

windows7-x64

Kopija pri...df.exe

windows10-2004-x64

Sharing

General

Target

Kopija prijenosa pla?anjaBohm d.o.o·pdf.exe
Size

703KB
Sample

221205-ld7kqsah6z
MD5

224276b92f42bd2f29a64adfd7c4377b
SHA1

374a33fd32bc2139c06973ec36ad302ca74f9eac
SHA256

66bfee7c40de7f8f6e9d20b337fc22d9eec1a5a1764d3b29c26639ebdeeddc71
SHA512

f8a9b5819884a9988739a2e93972fcf16f4b615a3020503f47cf2ee9eb1261a42267902fec0ef1418d186ef68df1d3822ec8979e0c43fc51b8ca59392cc680aa
SSDEEP

12288:lPuYd+V6b1momPZefNrInBocHPup1vTfPRgEUQXMXu5qcioLuBomBqQe:lPuYd+V6bIomxiNMecHPupBTHRTUQXMW

Score

10^/10

warzonerat collection infostealer rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Kopija prijenosa pla?anjaBohm d.o.o·pdf.exe

Resource

win7-20220812-en

warzonerat infostealer rat

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Kopija prijenosa pla?anjaBohm d.o.o·pdf.exe

Resource

win10v2004-20220812-en

warzonerat collection infostealer rat spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

bryandatabase.duckdns.org:46564

Targets

- Target
  
  Kopija prijenosa pla?anjaBohm d.o.o·pdf.exe
- Size
  
  703KB
- MD5
  
  224276b92f42bd2f29a64adfd7c4377b
- SHA1
  
  374a33fd32bc2139c06973ec36ad302ca74f9eac
- SHA256
  
  66bfee7c40de7f8f6e9d20b337fc22d9eec1a5a1764d3b29c26639ebdeeddc71
- SHA512
  
  f8a9b5819884a9988739a2e93972fcf16f4b615a3020503f47cf2ee9eb1261a42267902fec0ef1418d186ef68df1d3822ec8979e0c43fc51b8ca59392cc680aa
- SSDEEP
  
  12288:lPuYd+V6b1momPZefNrInBocHPup1vTfPRgEUQXMXu5qcioLuBomBqQe:lPuYd+V6bIomxiNMecHPupBTHRTUQXMW
Score

10^/10

warzonerat infostealer rat collection spyware stealer
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratcollectioninfostealerratspywarestealer

© 2018-2024

Terms | Privacy