warzonerat | 5e2fa30500b10cdb21e9c221603132cddc9ad1eea0046ade38b10fc9d60743f6 | Triage

Submit
Reports

Overview

overview

Static

static

Official-P...21.doc

windows7_x64

Official-P...21.doc

windows10_x64

1

Sharing

General

Target

Official-PaymentDetail15012021.doc
Size

3.6MB
Sample

210115-nen55spw56
MD5

d0067fec7b7ccc9a37fb8fe52cf9dd98
SHA1

7f959612668dfa1565ee6523a47178566b1c2b3f
SHA256

5e2fa30500b10cdb21e9c221603132cddc9ad1eea0046ade38b10fc9d60743f6
SHA512

7a3e4c124c8f7425f00e00950bfcad6cfdf140d02ab073d1834932a637f219d7bbb2b2530b8fc501098c37098d1e5c25cd0d8015769e599d7943af02d829b28f

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

Official-PaymentDetail15012021.doc

Resource

win7v20201028

warzonerat infostealer persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Official-PaymentDetail15012021.doc

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

79.134.225.23:5200

Targets

- Target
  
  Official-PaymentDetail15012021.doc
- Size
  
  3.6MB
- MD5
  
  d0067fec7b7ccc9a37fb8fe52cf9dd98
- SHA1
  
  7f959612668dfa1565ee6523a47178566b1c2b3f
- SHA256
  
  5e2fa30500b10cdb21e9c221603132cddc9ad1eea0046ade38b10fc9d60743f6
- SHA512
  
  7a3e4c124c8f7425f00e00950bfcad6cfdf140d02ab073d1834932a637f219d7bbb2b2530b8fc501098c37098d1e5c25cd0d8015769e599d7943af02d829b28f
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

© 2018-2024

Terms | Privacy