warzonerat | 3386f42cc721bd4da6af93cdde0824ba355f05bc6901bf99c90f2f254fff7e98 | Triage

Submit
Reports

Overview

overview

Static

static

3

3386f42cc7...98.dll

windows7-x64

3386f42cc7...98.dll

windows10-2004-x64

Sharing

General

Target

3386f42cc721bd4da6af93cdde0824ba355f05bc6901bf99c90f2f254fff7e98.exe
Size

5.1MB
Sample

250221-cxj44sspy8
MD5

333662bb359f77dc06edec4d23b6451c
SHA1

47f662bf56879afe6d03977f2de44b8f08ccd248
SHA256

3386f42cc721bd4da6af93cdde0824ba355f05bc6901bf99c90f2f254fff7e98
SHA512

54f71ac3f61ba2553f293e4a52d319071aa47820e3e1bbebb43f1811326d036f5244aefd3853cc97e8eb5e9ecc1cd813cb938ea9de16a1692bfb5073bdc4d6b0
SSDEEP

49152:HbGsqmReRRKtdF06Brmci4F+Jyzunn9cAJ/g+fmkVB/CuofcFEVLiTmO3gVTpvLD:uEdpky8Cyg+fmCB6ueO3YfQL

Score

10^/10

warzonerat discovery infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3386f42cc721bd4da6af93cdde0824ba355f05bc6901bf99c90f2f254fff7e98.dll

Resource

win7-20241010-en

warzonerat discovery infostealer rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

3386f42cc721bd4da6af93cdde0824ba355f05bc6901bf99c90f2f254fff7e98.dll

Resource

win10v2004-20250217-en

warzonerat discovery infostealer rat

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

198.46.177.153:4532

Targets

- Target
  
  3386f42cc721bd4da6af93cdde0824ba355f05bc6901bf99c90f2f254fff7e98.exe
- Size
  
  5.1MB
- MD5
  
  333662bb359f77dc06edec4d23b6451c
- SHA1
  
  47f662bf56879afe6d03977f2de44b8f08ccd248
- SHA256
  
  3386f42cc721bd4da6af93cdde0824ba355f05bc6901bf99c90f2f254fff7e98
- SHA512
  
  54f71ac3f61ba2553f293e4a52d319071aa47820e3e1bbebb43f1811326d036f5244aefd3853cc97e8eb5e9ecc1cd813cb938ea9de16a1692bfb5073bdc4d6b0
- SSDEEP
  
  49152:HbGsqmReRRKtdF06Brmci4F+Jyzunn9cAJ/g+fmkVB/CuofcFEVLiTmO3gVTpvLD:uEdpky8Cyg+fmCB6ueO3YfQL
Score

10^/10

warzonerat discovery infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzonerat family
  warzonerat
- Warzone RAT payload
  rat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratdiscoveryinfostealerrat

behavioral2

warzoneratdiscoveryinfostealerrat

© 2018-2025

Terms | Privacy