warzonerat | 1b4d6e3ca2e51ca857bd4cc84c8b02c07f40bc55a67cc9a52be46afecf4d199a | Triage

Sharing

General

Target

1b4d6e3ca2e51ca857bd4cc84c8b02c07f40bc55a67cc9a52be46afecf4d199a.exe
Size

152KB
Sample

250116-j57cya1ke1
MD5

5aae8462f845854f8e15f1c17abb73a0
SHA1

13d05504fc37678ad1e7c37444c6aabdae5453a0
SHA256

1b4d6e3ca2e51ca857bd4cc84c8b02c07f40bc55a67cc9a52be46afecf4d199a
SHA512

974deb28f5f5f75d67a7e8ddcf5ac96ac9945006ee5fffcb153c81f495c18badffa58d824a9a9d8b0141c1537c57a2c7a7bcc59ef93e9e762568bbf3e1526814
SSDEEP

3072:4NLOpnhTdOw9YAJOzIY9gVl01T2ENipdDg0z5f:4NLYdT97JSIFl0QENqFf

Score

10^/10

warzonerat discovery infostealer rat

Malware Config

Extracted

Family

warzonerat

C2

daddy.linkpc.net:1145

Targets

- Target
  
  1b4d6e3ca2e51ca857bd4cc84c8b02c07f40bc55a67cc9a52be46afecf4d199a.exe
- Size
  
  152KB
- MD5
  
  5aae8462f845854f8e15f1c17abb73a0
- SHA1
  
  13d05504fc37678ad1e7c37444c6aabdae5453a0
- SHA256
  
  1b4d6e3ca2e51ca857bd4cc84c8b02c07f40bc55a67cc9a52be46afecf4d199a
- SHA512
  
  974deb28f5f5f75d67a7e8ddcf5ac96ac9945006ee5fffcb153c81f495c18badffa58d824a9a9d8b0141c1537c57a2c7a7bcc59ef93e9e762568bbf3e1526814
- SSDEEP
  
  3072:4NLOpnhTdOw9YAJOzIY9gVl01T2ENipdDg0z5f:4NLYdT97JSIFl0QENqFf
Score

10^/10

warzonerat discovery infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzonerat family
  warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratdiscoveryinfostealerrat

behavioral2

warzoneratdiscoveryinfostealerrat