warzonerat | 046a08c40c5ff787bbe473f575f672a15855a3c9b343d57935f8eadac4d1cde7 | Triage

Sharing

General

Target

046a08c40c5ff787bbe473f575f672a15855a3c9b343d57935f8eadac4d1cde7.exe
Size

152KB
Sample

241120-e647ra1kht
MD5

0a898fdbbb64c5236260b65598a3c1be
SHA1

b92ec7dad61b08ddc4f2ae9ba6d2bc3537392606
SHA256

046a08c40c5ff787bbe473f575f672a15855a3c9b343d57935f8eadac4d1cde7
SHA512

0eb79d232bf3ff96b3710b69a5a29d783e051b39696dd2833af4ac2d1599448c105c5d0f47475b25058c5b9ac86b85cf6f4201bf787a103b203dd8f073a0741e
SSDEEP

3072:4NLOpnhTdOw9YAJOzIY9gVl01T2ENipdDg0z5F:4NLYdT97JSIFl0QENqFF

Score

10^/10

warzonerat discovery infostealer rat

Malware Config

Extracted

Family

warzonerat

C2

daddy.linkpc.net:1145

Targets

- Target
  
  046a08c40c5ff787bbe473f575f672a15855a3c9b343d57935f8eadac4d1cde7.exe
- Size
  
  152KB
- MD5
  
  0a898fdbbb64c5236260b65598a3c1be
- SHA1
  
  b92ec7dad61b08ddc4f2ae9ba6d2bc3537392606
- SHA256
  
  046a08c40c5ff787bbe473f575f672a15855a3c9b343d57935f8eadac4d1cde7
- SHA512
  
  0eb79d232bf3ff96b3710b69a5a29d783e051b39696dd2833af4ac2d1599448c105c5d0f47475b25058c5b9ac86b85cf6f4201bf787a103b203dd8f073a0741e
- SSDEEP
  
  3072:4NLOpnhTdOw9YAJOzIY9gVl01T2ENipdDg0z5F:4NLYdT97JSIFl0QENqFF
Score

10^/10

warzonerat discovery infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzonerat family
  warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratdiscoveryinfostealerrat

behavioral2

warzoneratdiscoveryinfostealerrat