warzonerat | 0558ff6208fe5bfa8bc488efaf0138cddeca218dcc915325ff50d65705093f83 | Triage

Submit
Reports

Overview

overview

Static

static

Invoice.exe

windows7_x64

Invoice.exe

windows10_x64

Sharing

General

Target

Invoice.exe
Size

1.0MB
Sample

210112-veem1bhrqe
MD5

cb811a9a8764bc084413ae02590b7ac5
SHA1

00469c7c7cf8b1e6d68dcc045acc497ea5c1b6c3
SHA256

0558ff6208fe5bfa8bc488efaf0138cddeca218dcc915325ff50d65705093f83
SHA512

0df28c7994a5b8b1445cb2d2ceeae7f3bac4943f1e1f2684eb808fa7c6d368e4dce9a7ccc3d071f9addd59cb56c6ec9107ad86905a89c163b711710a710971fa

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

Invoice.exe

Resource

win7v20201028

warzonerat infostealer persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Invoice.exe

Resource

win10v20201028

warzonerat infostealer persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

maxlogs.webhop.me:1619

Targets

- Target
  
  Invoice.exe
- Size
  
  1.0MB
- MD5
  
  cb811a9a8764bc084413ae02590b7ac5
- SHA1
  
  00469c7c7cf8b1e6d68dcc045acc497ea5c1b6c3
- SHA256
  
  0558ff6208fe5bfa8bc488efaf0138cddeca218dcc915325ff50d65705093f83
- SHA512
  
  0df28c7994a5b8b1445cb2d2ceeae7f3bac4943f1e1f2684eb808fa7c6d368e4dce9a7ccc3d071f9addd59cb56c6ec9107ad86905a89c163b711710a710971fa
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy