warzonerat | 6834d5995895969e31dd2da8e2e0bbff49903dffe0d05e5a82c13c9c171bbf05 | Triage

Submit
Reports

Overview

overview

Static

static

Dhl 00238847673.exe

windows7-x64

Dhl 00238847673.exe

windows10-2004-x64

Sharing

General

Target

Dhl 00238847673.exe
Size

946KB
Sample

221208-m327zshg49
MD5

f0a14ad248d58b8b5a6adf824422e1b9
SHA1

c565f9a8e0a1a86923e5d6ebc64c1472ee2af557
SHA256

6834d5995895969e31dd2da8e2e0bbff49903dffe0d05e5a82c13c9c171bbf05
SHA512

05897dd765d5f7c147d328588ba183da1b8f41debc36df562e6a7dc924b46b104026661ebc59214b2c6d18d84336e0c56d75f0225f00501cd5f630f6be985b52
SSDEEP

12288:J2FmmFeBGPtdUAJolwPY0+IR8pKrPtedg3Yf/KzKpY+ZmBjHUk+qjK3o30G:QFeAl9JZ8eIf/KzyhZmBHEd

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

Dhl 00238847673.exe

Resource

win7-20220812-en

warzonerat infostealer rat

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Dhl 00238847673.exe

Resource

win10v2004-20220812-en

warzonerat infostealer rat

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  Dhl 00238847673.exe
- Size
  
  946KB
- MD5
  
  f0a14ad248d58b8b5a6adf824422e1b9
- SHA1
  
  c565f9a8e0a1a86923e5d6ebc64c1472ee2af557
- SHA256
  
  6834d5995895969e31dd2da8e2e0bbff49903dffe0d05e5a82c13c9c171bbf05
- SHA512
  
  05897dd765d5f7c147d328588ba183da1b8f41debc36df562e6a7dc924b46b104026661ebc59214b2c6d18d84336e0c56d75f0225f00501cd5f630f6be985b52
- SSDEEP
  
  12288:J2FmmFeBGPtdUAJolwPY0+IR8pKrPtedg3Yf/KzKpY+ZmBjHUk+qjK3o30G:QFeAl9JZ8eIf/KzyhZmBHEd
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy