warzonerat | 0b2fe9ed6a7e5da7f211a891a6b578a4dd1c850e546703e9d8bf6acb27da4a20 | Triage

Submit
Reports

Overview

overview

Static

static

3

0b2fe9ed6a...JC.exe

windows7-x64

0b2fe9ed6a...JC.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

0b2fe9ed6a7e5da7f211a891a6b578a4dd1c850e546703e9d8bf6acb27da4a20exe_JC.exe
Size

633KB
Sample

230801-rnlnxagc36
MD5

414988f541816a08bda4a0896732137b
SHA1

5321af423a15f8a3945a1dca9e6d6168c19ad689
SHA256

0b2fe9ed6a7e5da7f211a891a6b578a4dd1c850e546703e9d8bf6acb27da4a20
SHA512

76b4fb02c4ba279881bf6b4105cfe92b626b4fdfebd7bf1f5cc5afd94e8981aaa6c563159227312479b4dbed9240599f148d5dbf871fd349d518dc7254e25196
SSDEEP

12288:c+uZy1YmJ+37TZahUZi14aiUGpCahv9goMrm3uimIVndtpFALxQl9U+2w2vT3:c+uA1YmQ37TZaheLUGw6vWGuiFDAE9pq

Score

10^/10

warzonerat infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0b2fe9ed6a7e5da7f211a891a6b578a4dd1c850e546703e9d8bf6acb27da4a20exe_JC.exe

Resource

win7-20230712-en

warzonerat infostealer rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

0b2fe9ed6a7e5da7f211a891a6b578a4dd1c850e546703e9d8bf6acb27da4a20exe_JC.exe

Resource

win10v2004-20230703-en

warzonerat infostealer rat

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

89.117.76.41:4422

Targets

- Target
  
  0b2fe9ed6a7e5da7f211a891a6b578a4dd1c850e546703e9d8bf6acb27da4a20exe_JC.exe
- Size
  
  633KB
- MD5
  
  414988f541816a08bda4a0896732137b
- SHA1
  
  5321af423a15f8a3945a1dca9e6d6168c19ad689
- SHA256
  
  0b2fe9ed6a7e5da7f211a891a6b578a4dd1c850e546703e9d8bf6acb27da4a20
- SHA512
  
  76b4fb02c4ba279881bf6b4105cfe92b626b4fdfebd7bf1f5cc5afd94e8981aaa6c563159227312479b4dbed9240599f148d5dbf871fd349d518dc7254e25196
- SSDEEP
  
  12288:c+uZy1YmJ+37TZahUZi14aiUGpCahv9goMrm3uimIVndtpFALxQl9U+2w2vT3:c+uA1YmQ37TZaheLUGw6vWGuiFDAE9pq
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2025

Terms | Privacy