warzonerat | 4e1a0a523e4ee04c32358c3299ce34aa5b6e70e45382b46baa11cbe5d32887ce | Triage

Submit
Reports

Overview

overview

Static

static

PRODUCT DA...ET.exe

windows7-x64

PRODUCT DA...ET.exe

windows10-2004-x64

Sharing

General

Target

PRODUCT DATA SHEET.exe
Size

480KB
Sample

221212-pgldfsea6v
MD5

a3fbbefc3844b6bda8a3bd3d097dc0f9
SHA1

adbd1d468e165bed2d3828b62899ef753d1d4723
SHA256

4e1a0a523e4ee04c32358c3299ce34aa5b6e70e45382b46baa11cbe5d32887ce
SHA512

9e450990b96e1bd8c0a3a7c365e3378f0921ebae9dad33d13f94fadd66e63284496cdee7c945967042986ba5bc9ac6e9c7bb84f71e96555f5e8f8c84e04329f5
SSDEEP

12288:ojOLHTRsDhXHZYhkISiGgtURh1e8hBl9jq:PXRs1XHZDiGgqpr/9j

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

PRODUCT DATA SHEET.exe

Resource

win7-20220812-en

warzonerat infostealer rat

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

PRODUCT DATA SHEET.exe

Resource

win10v2004-20220812-en

warzonerat infostealer rat

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

valvesco.duckdns.org:5353

Targets

- Target
  
  PRODUCT DATA SHEET.exe
- Size
  
  480KB
- MD5
  
  a3fbbefc3844b6bda8a3bd3d097dc0f9
- SHA1
  
  adbd1d468e165bed2d3828b62899ef753d1d4723
- SHA256
  
  4e1a0a523e4ee04c32358c3299ce34aa5b6e70e45382b46baa11cbe5d32887ce
- SHA512
  
  9e450990b96e1bd8c0a3a7c365e3378f0921ebae9dad33d13f94fadd66e63284496cdee7c945967042986ba5bc9ac6e9c7bb84f71e96555f5e8f8c84e04329f5
- SSDEEP
  
  12288:ojOLHTRsDhXHZYhkISiGgtURh1e8hBl9jq:PXRs1XHZDiGgqpr/9j
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy