Overview

overview

10

Static

static

1

9675c26063...12.exe

windows7-x64

10

9675c26063...12.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9675c26063960c74114460aa260684a0de5474930ab239b44afe8fba6ad4e012.zip

  • Size

    8KB

  • Sample

    230321-qpl6dsae38

  • MD5

    0b94d4ce04ef25f4c7e8ce5328bb73b2

  • SHA1

    9d0c1ba81ae49e7a8365d0defde936fed0d26e7c

  • SHA256

    200a5245ee4174e73c37d6899388b06c18773f9f9ab438b1ff38cb91be0c2437

  • SHA512

    f75d38d4ee5f4529336135919040ed7cda40d4d319a42f77c94d059243998b0eaab087b60aa5866989f4ca58a4cee798219320ed855c41aa78eaa312ca2a320d

  • SSDEEP

    192:alZp7aZIHu+SJZOi78AknnS6Z/5TzgEjWLkh4k:4j71O+SPOJA4nSUxvBj72k

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

45.72.96.199:55081

Targets

    • Target

      9675c26063960c74114460aa260684a0de5474930ab239b44afe8fba6ad4e012.exe

    • Size

      18KB

    • MD5

      0be9c9de62ce0696daf9230cb5603ad9

    • SHA1

      4058637baa85bbd6d10b8919b45341a712fc9004

    • SHA256

      9675c26063960c74114460aa260684a0de5474930ab239b44afe8fba6ad4e012

    • SHA512

      1ba30334398dbf72a11d57cc781419faa7d9100d288ac9f09d1a1d16466aad226235eff6277c071e63980c4c2aac8ad467f0376fcb28a355616a661d7324ba95

    • SSDEEP

      384:EzRd+2oW9S6/x47DBh3OcMCkd1N7/lbjRE7XxSfw2:9W9S6/W7DBJOcMCkd1BRRmXJ

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT payload

      rat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks