warzonerat | 837f608d0e47adb06a92fde28cfbac1772901f9c49c3e54c5fe0e8fd2d7bb1d8 | Triage

Sharing

General

Target

837f608d0e47adb06a92fde28cfbac1772901f9c49c3e54c5fe0e8fd2d7bb1d8N.exe
Size

98KB
Sample

241129-r6f65s1mc1
MD5

df3b2d470932a9ded2ec56a488141c70
SHA1

c6c13c1f1bca1bcd42712ddde9c4d6069e8c691e
SHA256

837f608d0e47adb06a92fde28cfbac1772901f9c49c3e54c5fe0e8fd2d7bb1d8
SHA512

6b9f083496574345052bf8bdddb0dc087e729e9610fc59237ba12e5c5428403e4a412f36234781bc3ed967cdd0f7b96d6b46be1d241c5e675288106f17cf003a
SSDEEP

1536:7CsqDw2ost58PNkDtPMpcJBO9YcmGF11jVEyH:mpjZ+cJBSYmdjVEU

Score

10^/10

warzonerat discovery infostealer rat

Malware Config

Extracted

Family

warzonerat

C2

wealth.warzonedns.com:5202

Targets

- Target
  
  837f608d0e47adb06a92fde28cfbac1772901f9c49c3e54c5fe0e8fd2d7bb1d8N.exe
- Size
  
  98KB
- MD5
  
  df3b2d470932a9ded2ec56a488141c70
- SHA1
  
  c6c13c1f1bca1bcd42712ddde9c4d6069e8c691e
- SHA256
  
  837f608d0e47adb06a92fde28cfbac1772901f9c49c3e54c5fe0e8fd2d7bb1d8
- SHA512
  
  6b9f083496574345052bf8bdddb0dc087e729e9610fc59237ba12e5c5428403e4a412f36234781bc3ed967cdd0f7b96d6b46be1d241c5e675288106f17cf003a
- SSDEEP
  
  1536:7CsqDw2ost58PNkDtPMpcJBO9YcmGF11jVEyH:mpjZ+cJBSYmdjVEU
Score

10^/10

warzonerat discovery infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzonerat family
  warzonerat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratdiscoveryinfostealerrat

behavioral2

warzoneratdiscoveryinfostealerrat