warzonerat | dfb877a76229db5342b35bc947a0bb12d2b5564b3567eddcc708d5e9cb4edd8e | Triage

Submit
Reports

Overview

overview

Static

static

1

Eriuekal.exe

windows7-x64

1

Eriuekal.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

Eriuekal.exe
Size

26KB
Sample

230425-jzytlsbb4w
MD5

9607ad352affab592f84993152e50234
SHA1

9225e1a3aef2e5309308e1f2ea1dd4ac952d21b5
SHA256

dfb877a76229db5342b35bc947a0bb12d2b5564b3567eddcc708d5e9cb4edd8e
SHA512

f7b3b882cb779dac6dd55c82a83dae0a29bca6e05688658b9b021e33b76a47d6e5af30848ad9feb5351b812d7ba8f205b9969f05a65d8a7e7b2dcf43abd139c5
SSDEEP

384:e5Q4kSygaDNkQVXZOxOK8MP93U7I2kGYb1ak/fbzp:yfrSXZK99AjYJakLzp

Score

10^/10

warzonerat collection infostealer rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Eriuekal.exe

Resource

win7-20230220-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

Eriuekal.exe

Resource

win10v2004-20230220-en

warzonerat collection infostealer rat spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

109.248.150.150:65535

Targets

- Target
  
  Eriuekal.exe
- Size
  
  26KB
- MD5
  
  9607ad352affab592f84993152e50234
- SHA1
  
  9225e1a3aef2e5309308e1f2ea1dd4ac952d21b5
- SHA256
  
  dfb877a76229db5342b35bc947a0bb12d2b5564b3567eddcc708d5e9cb4edd8e
- SHA512
  
  f7b3b882cb779dac6dd55c82a83dae0a29bca6e05688658b9b021e33b76a47d6e5af30848ad9feb5351b812d7ba8f205b9969f05a65d8a7e7b2dcf43abd139c5
- SSDEEP
  
  384:e5Q4kSygaDNkQVXZOxOK8MP93U7I2kGYb1ak/fbzp:yfrSXZK99AjYJakLzp
Score

10^/10

warzonerat collection infostealer rat spyware stealer
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

warzoneratcollectioninfostealerratspywarestealer

© 2018-2025

Terms | Privacy