warzonerat | 3235ff66b44e547176bd6b0ad15d0b1c831de5fb5b2fbef3bf74c7b2394ccb90 | Triage

Submit
Reports

Overview

overview

Static

static

1

189d5e75f3...34.exe

windows7-x64

189d5e75f3...34.exe

windows10-2004-x64

Sharing

General

Target

464a6ec43ac1f064d3dfe307c7dfd921.bin
Size

545KB
Sample

230402-bv5glafc4w
MD5

255c0ba17fa8f5d0626b67ab126ffac2
SHA1

74560f79c08194d930090ba5ae69907cba9cd5d7
SHA256

3235ff66b44e547176bd6b0ad15d0b1c831de5fb5b2fbef3bf74c7b2394ccb90
SHA512

a5cb0de691b01242731b002b85310a9f283e57ab386c14e6010f1316b07a64d607a9c4f55a3c40da27fddfc93dbefbafbf60574257de8760e305872a09a56b22
SSDEEP

12288:js6nd/Z5u+lzjkLzRQLcqLwFKiF9Hqd7dkDi+jnaJqdQy2:I6Zfu+5jACLc6mqlEiUaJW2

Score

10^/10

warzonerat collection infostealer rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

189d5e75f300e21f30ae87cef1c384a3e33e26b5546b8404090bffe3251d4a34.exe

Resource

win7-20230220-en

warzonerat collection infostealer rat spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

189d5e75f300e21f30ae87cef1c384a3e33e26b5546b8404090bffe3251d4a34.exe

Resource

win10v2004-20230220-en

warzonerat collection infostealer rat spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

104.223.19.96:80

Targets

- Target
  
  189d5e75f300e21f30ae87cef1c384a3e33e26b5546b8404090bffe3251d4a34.exe
- Size
  
  662KB
- MD5
  
  464a6ec43ac1f064d3dfe307c7dfd921
- SHA1
  
  468a543b51b6c797b668c8c442e451b1d9efe9d2
- SHA256
  
  189d5e75f300e21f30ae87cef1c384a3e33e26b5546b8404090bffe3251d4a34
- SHA512
  
  00e09724295dcf036ae1a70235b49cb37088b404edf61804cc31a8e2df8abcff058669620c82f679e00eec52f938c64b50eb618b361f3b82f174a333b5e77e20
- SSDEEP
  
  12288:NxCqHrYCPCimOMt+EqjhOClSlWDClEPjRQ1HfWW:NxCqHrYLimXWvrs8RQ1H
Score

10^/10

warzonerat collection infostealer rat spyware stealer
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratcollectioninfostealerratspywarestealer

behavioral2

warzoneratcollectioninfostealerratspywarestealer

© 2018-2024

Terms | Privacy