warzonerat | f69e92ecf6c4a263eb840bb1765cdb9995300485466543e1b791d32453c908ee | Triage

Submit
Reports

Overview

overview

Static

static

b92cf7fabc...60.exe

windows7_x64

b92cf7fabc...60.exe

windows10_x64

Sharing

General

Target

b92cf7fabcd142154038649990ee9960
Size

1.2MB
Sample

201214-g5cqlzx8nj
MD5

b92cf7fabcd142154038649990ee9960
SHA1

9d6cf4c4386206744d90614f307142af43ffec43
SHA256

f69e92ecf6c4a263eb840bb1765cdb9995300485466543e1b791d32453c908ee
SHA512

1b34120f9b79779ce4fe39bddc5b182f609c77a2907cd2d2d5e16b119d03dd15adc97a7ff3baac2df6f001756ddbd74ac2dbaefda5c91c1b3a14a240f2ebb53e

Score

10^/10

warzonerat aspackv2 evasion infostealer persistence rat

Static task

static1

aspackv2 rat warzonerat

Behavioral task

behavioral1

Sample

b92cf7fabcd142154038649990ee9960.exe

Resource

win7v20201028

warzonerat aspackv2 evasion infostealer persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b92cf7fabcd142154038649990ee9960.exe

Resource

win10v20201028

warzonerat aspackv2 evasion infostealer persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  b92cf7fabcd142154038649990ee9960
- Size
  
  1.2MB
- MD5
  
  b92cf7fabcd142154038649990ee9960
- SHA1
  
  9d6cf4c4386206744d90614f307142af43ffec43
- SHA256
  
  f69e92ecf6c4a263eb840bb1765cdb9995300485466543e1b791d32453c908ee
- SHA512
  
  1b34120f9b79779ce4fe39bddc5b182f609c77a2907cd2d2d5e16b119d03dd15adc97a7ff3baac2df6f001756ddbd74ac2dbaefda5c91c1b3a14a240f2ebb53e
Score

10^/10

warzonerat aspackv2 evasion infostealer persistence rat
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

aspackv2ratwarzonerat

behavioral1

warzonerataspackv2evasioninfostealerpersistencerat

behavioral2

warzonerataspackv2evasioninfostealerpersistencerat

© 2018-2024

Terms | Privacy