warzonerat | 73f265394c186f866d3eb1d41bf0f2a87e3462fa359746351b5030152271c152 | Triage

Submit
Reports

Overview

overview

Static

static

3

a21894eebe...18.exe

windows7-x64

a21894eebe...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

a21894eebe503ef5556993d5a0bd7518.exe
Size

604KB
Sample

230715-2ddwesbh88
MD5

a21894eebe503ef5556993d5a0bd7518
SHA1

71ed2b3656bacf9ce92746c2d3bf5ec0f2562b7f
SHA256

73f265394c186f866d3eb1d41bf0f2a87e3462fa359746351b5030152271c152
SHA512

227ca4d5d39a709a1c65697417b146bf41485c3643b9b338c2d528f4010b13b9eb028f50303f8e8ea27753d073c5b8c7c9831c44433eb6e0319f0217de134ab7
SSDEEP

12288:9HerdcsnB8BoRC5PKaphHNQ3HEXHKzcAXx6a9aC:d+dPBRR4hpZK3CAXx6a9

Score

10^/10

warzonerat collection infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a21894eebe503ef5556993d5a0bd7518.exe

Resource

win7-20230712-en

warzonerat collection infostealer rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

a21894eebe503ef5556993d5a0bd7518.exe

Resource

win10v2004-20230703-en

warzonerat collection infostealer rat

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

167.94.81.224:9801

Targets

- Target
  
  a21894eebe503ef5556993d5a0bd7518.exe
- Size
  
  604KB
- MD5
  
  a21894eebe503ef5556993d5a0bd7518
- SHA1
  
  71ed2b3656bacf9ce92746c2d3bf5ec0f2562b7f
- SHA256
  
  73f265394c186f866d3eb1d41bf0f2a87e3462fa359746351b5030152271c152
- SHA512
  
  227ca4d5d39a709a1c65697417b146bf41485c3643b9b338c2d528f4010b13b9eb028f50303f8e8ea27753d073c5b8c7c9831c44433eb6e0319f0217de134ab7
- SSDEEP
  
  12288:9HerdcsnB8BoRC5PKaphHNQ3HEXHKzcAXx6a9aC:d+dPBRR4hpZK3CAXx6a9
Score

10^/10

warzonerat collection infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratcollectioninfostealerrat

behavioral2

warzoneratcollectioninfostealerrat

© 2018-2025

Terms | Privacy