warzonerat | ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08 | Triage

Submit
Reports

Overview

overview

Static

static

ac0841f157...08.exe

windows7_x64

ac0841f157...08.exe

windows10_x64

Sharing

General

Target

ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08
Size

1.8MB
Sample

200706-6vfnrvpb5s
MD5

c8c500dafdfa5f1e0b9609a0de3ed0c2
SHA1

0188ba23e3ee0f74ad8a055a6474933c47eaa7e9
SHA256

ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08
SHA512

7cb27417cb1796978459161fd94bc067ce047b9bdc7886e8dab02f5ec59a21c3fc93c27c9b29f51e715df512cea75e91fe7b6273e94573b8d02130c369a3f93c

Score

10^/10

warzonerat evasion infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe

Resource

win7

rat persistence evasion infostealer warzonerat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe

Resource

win10v200430

rat persistence evasion infostealer warzonerat

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08
- Size
  
  1.8MB
- MD5
  
  c8c500dafdfa5f1e0b9609a0de3ed0c2
- SHA1
  
  0188ba23e3ee0f74ad8a055a6474933c47eaa7e9
- SHA256
  
  ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08
- SHA512
  
  7cb27417cb1796978459161fd94bc067ce047b9bdc7886e8dab02f5ec59a21c3fc93c27c9b29f51e715df512cea75e91fe7b6273e94573b8d02130c369a3f93c
Score

10^/10

rat persistence evasion infostealer warzonerat
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ratpersistenceevasioninfostealerwarzonerat

behavioral2

ratpersistenceevasioninfostealerwarzonerat

© 2018-2024

Terms | Privacy