warzonerat | 307b193d8ff010848bd38e4f964b82581222e52eb64c0fe03d6fb76446c93467 | Triage

Sharing

General

Target

307b193d8ff010848bd38e4f964b82581222e52eb64c0fe03d6fb76446c93467N.exe
Size

152KB
Sample

250116-mne4xaxmcr
MD5

5d465c4a51b42b6608be8ba53a9715e0
SHA1

c2f2099687ed894f0d4419633a6dc86cfffc9da3
SHA256

307b193d8ff010848bd38e4f964b82581222e52eb64c0fe03d6fb76446c93467
SHA512

66383829110fe6f21657f631869fdd947af3561883a6726a210947d54914edd3f5c72baf0a952ef27e208c46b3af62cdc6a5bafe3de27fb0eb03c2faed76b536
SSDEEP

3072:4NLOpnhTdOw9YAJOzIY9gVl01T2ENipdDg0z5:4NLYdT97JSIFl0QENqF

Score

10^/10

warzonerat discovery infostealer rat

Malware Config

Extracted

Family

warzonerat

C2

daddy.linkpc.net:1145

Targets

- Target
  
  307b193d8ff010848bd38e4f964b82581222e52eb64c0fe03d6fb76446c93467N.exe
- Size
  
  152KB
- MD5
  
  5d465c4a51b42b6608be8ba53a9715e0
- SHA1
  
  c2f2099687ed894f0d4419633a6dc86cfffc9da3
- SHA256
  
  307b193d8ff010848bd38e4f964b82581222e52eb64c0fe03d6fb76446c93467
- SHA512
  
  66383829110fe6f21657f631869fdd947af3561883a6726a210947d54914edd3f5c72baf0a952ef27e208c46b3af62cdc6a5bafe3de27fb0eb03c2faed76b536
- SSDEEP
  
  3072:4NLOpnhTdOw9YAJOzIY9gVl01T2ENipdDg0z5:4NLYdT97JSIFl0QENqF
Score

10^/10

warzonerat discovery infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzonerat family
  warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratdiscoveryinfostealerrat

behavioral2

warzoneratdiscoveryinfostealerrat