warzonerat | 0aad58903f0524b82a3388b1aa6302c974dfc4ac593435f2bc0f1b9eb3ced6db | Triage

Submit
Reports

Overview

overview

Static

static

1

Прило...�2.lnk

windows7-x64

Прило...�2.lnk

windows10-2004-x64

скани...т.exe

windows7-x64

скани...т.exe

windows10-2004-x64

Sharing

General

Target

e581196f2635ba5cb25c3a1121a6ed58.bin
Size

327KB
Sample

230412-fc8thshh57
MD5

e581196f2635ba5cb25c3a1121a6ed58
SHA1

b5e448b0b289fcae5c4b742b72e19531d71e897b
SHA256

0aad58903f0524b82a3388b1aa6302c974dfc4ac593435f2bc0f1b9eb3ced6db
SHA512

ec8e89521aa5e0c087d6c47474bc5710bc3092a44e1e14832d59e59a64f275163be8ed5e316b5072f48faee4018564560790cf655456c5deede364bb78e9a23c
SSDEEP

6144:lsHuhsGKLz6xKwAoUj8H5ZB72AmLLQ++S3hs7vpmWo0caVWBjDUYldA:l12fq1kSZh2AmL8CuvtcakhDy

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

Приложение2.lnk

Resource

win7-20230220-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Приложение2.lnk

Resource

win10v2004-20230220-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral3

Sample

сканированный документ.exe

Resource

win7-20230220-en

warzonerat infostealer rat

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

сканированный документ.exe

Resource

win10v2004-20230221-en

warzonerat infostealer rat

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://94.103.86.38/ms1.hta

Extracted

Family

warzonerat

C2

89.22.232.145:443

Targets

- Target
  
  Приложение2.lnk
- Size
  
  1KB
- MD5
  
  4443dc6bc9015b039ab514e4b23be5d6
- SHA1
  
  b0935265193593373bf2744f11ce7acdd4a1970b
- SHA256
  
  3f6d866f09cfabb1aa2a0393d290533ed31705c87b85f77edc3fdd51b90f6e24
- SHA512
  
  3b317782345b0f78dec005d826894560991d698d003ba9da50f3f2d5347c7a632b1057a0323a024c80762a18f8288e1c50ab53dbe664c5f88b22c446b628f19d
Score

10^/10
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  сканированный документ.exe
- Size
  
  1.6MB
- MD5
  
  25b31bcb8c6a3ce3fc3a3da6ba4df156
- SHA1
  
  4a0874d506854a996b429b7c11e2057e86583dd2
- SHA256
  
  1f591a5c726b279174ce06f3fa9e5db0019b12c9b5b8e19a529bf6cb1153f164
- SHA512
  
  2927d75bb1615ad58edfaa915d49031f77d02f2074cceac139cc467dd9c810b7e9cb7caa8ddddb259ff79f44c14f6b54cb0f1f3783175d2cf7dfc1d03f97f058
- SSDEEP
  
  12288:kQo5kCbg6bZYWXiiGuuhKq3wHW+fmM8HrqTOuPj/hroZ3NZnmZBxjFz82AYRJUEk:egUZ5LW+fmM8LmjU3NZnmZHjbkEk
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

warzoneratinfostealerrat

behavioral4

warzoneratinfostealerrat

© 2018-2025

Terms | Privacy