warzonerat | 2b4e54af556badc27f08c9a966dd55f090f4a5ef8978793e0ba296b05ddfb242 | Triage

Sharing

General

Target

2b4e54af556badc27f08c9a966dd55f090f4a5ef8978793e0ba296b05ddfb242.exe
Size

113KB
Sample

241103-cyt1psscrf
MD5

00345de133a4d119eacc29fb87f648e9
SHA1

63b3f141071e71d39866d7a4bd204b2b8615080d
SHA256

2b4e54af556badc27f08c9a966dd55f090f4a5ef8978793e0ba296b05ddfb242
SHA512

f44554716ca9b88ef9823508947b9756774c93888308fc4aad892db99cc3373e45013f7ad6d188fef608404a9d94e22c79c6dad6021ae3c7c3c6bcb21db3824a
SSDEEP

1536:h0jP7/L1B5rVmN8sxHv2M28ix8EUaJxWZoB4u0OVE01:K1VmhaH8EFvW+0OVE0

Score

10^/10

warzonerat discovery infostealer rat

Malware Config

Extracted

Family

warzonerat

C2

chromedata.accesscam.org:5221

Targets

- Target
  
  2b4e54af556badc27f08c9a966dd55f090f4a5ef8978793e0ba296b05ddfb242.exe
- Size
  
  113KB
- MD5
  
  00345de133a4d119eacc29fb87f648e9
- SHA1
  
  63b3f141071e71d39866d7a4bd204b2b8615080d
- SHA256
  
  2b4e54af556badc27f08c9a966dd55f090f4a5ef8978793e0ba296b05ddfb242
- SHA512
  
  f44554716ca9b88ef9823508947b9756774c93888308fc4aad892db99cc3373e45013f7ad6d188fef608404a9d94e22c79c6dad6021ae3c7c3c6bcb21db3824a
- SSDEEP
  
  1536:h0jP7/L1B5rVmN8sxHv2M28ix8EUaJxWZoB4u0OVE01:K1VmhaH8EFvW+0OVE0
Score

10^/10

warzonerat discovery infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzonerat family
  warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratdiscoveryinfostealerrat

behavioral2

warzoneratdiscoveryinfostealerrat