warzonerat | 935ee7743f877a6c5e94fd502c2eae956e619b2d20a8456161ea2de787203032 | Triage

Submit
Reports

Overview

overview

Static

static

3

935ee7743f...32.exe

windows7-x64

935ee7743f...32.exe

windows10-2004-x64

Sharing

General

Target

935ee7743f877a6c5e94fd502c2eae956e619b2d20a8456161ea2de787203032
Size

232KB
Sample

231107-rmlbragh5s
MD5

da68f073722703435278e45a1a1e54ea
SHA1

f7a56876b13ea85de713171f0f1c3f76a988c26e
SHA256

935ee7743f877a6c5e94fd502c2eae956e619b2d20a8456161ea2de787203032
SHA512

3fff540598f81d4162543e8b089c4902f9509c53a81a357155050060dd758e7c77c9e379b0f31eb9f8dee816ec7a153470367491711d39c12004bee805798f10
SSDEEP

6144:b+YD77nfv1aFxU5JOtXOgfNb6fTF4MoiwBP/DGDMDSj:bBfnfdKU5J6iATPrGS

Score

10^/10

warzonerat infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

935ee7743f877a6c5e94fd502c2eae956e619b2d20a8456161ea2de787203032.exe

Resource

win7-20231025-en

warzonerat infostealer rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

935ee7743f877a6c5e94fd502c2eae956e619b2d20a8456161ea2de787203032.exe

Resource

win10v2004-20231023-en

warzonerat infostealer rat

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

185.225.75.68:2222

Targets

- Target
  
  935ee7743f877a6c5e94fd502c2eae956e619b2d20a8456161ea2de787203032
- Size
  
  232KB
- MD5
  
  da68f073722703435278e45a1a1e54ea
- SHA1
  
  f7a56876b13ea85de713171f0f1c3f76a988c26e
- SHA256
  
  935ee7743f877a6c5e94fd502c2eae956e619b2d20a8456161ea2de787203032
- SHA512
  
  3fff540598f81d4162543e8b089c4902f9509c53a81a357155050060dd758e7c77c9e379b0f31eb9f8dee816ec7a153470367491711d39c12004bee805798f10
- SSDEEP
  
  6144:b+YD77nfv1aFxU5JOtXOgfNb6fTF4MoiwBP/DGDMDSj:bBfnfdKU5J6iATPrGS
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2025

Terms | Privacy