warzonerat | 9cc2f25b4bf0e3d246f8af3ea7ffa49a84824ff1e263ae66afe76365072f817c | Triage

Submit
Reports

Overview

overview

Static

static

Failed Del...gs.scr

windows7_x64

Failed Del...gs.scr

windows10_x64

Sharing

General

Target

Failed Delivery Logs.scr
Size

192KB
Sample

210119-g1n56g34y6
MD5

c782821f3ea22873c247ed3524335b2a
SHA1

83295352f00b346f15b7856ee89d24b1ab84dd95
SHA256

9cc2f25b4bf0e3d246f8af3ea7ffa49a84824ff1e263ae66afe76365072f817c
SHA512

be84f8c79b93329ea927505d11f9fe6249b7230c1e9bf54a4e15f2d08b6eed21ed3f57e7c588449b16dc6d57b4a1ce3e372d27d35f7c4ecbf5c9756926caa5b5

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

Failed Delivery Logs.scr

Resource

win7v20201028

warzonerat infostealer persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Failed Delivery Logs.scr

Resource

win10v20201028

warzonerat infostealer persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

iphanyi.mywire.org:5552

Targets

- Target
  
  Failed Delivery Logs.scr
- Size
  
  192KB
- MD5
  
  c782821f3ea22873c247ed3524335b2a
- SHA1
  
  83295352f00b346f15b7856ee89d24b1ab84dd95
- SHA256
  
  9cc2f25b4bf0e3d246f8af3ea7ffa49a84824ff1e263ae66afe76365072f817c
- SHA512
  
  be84f8c79b93329ea927505d11f9fe6249b7230c1e9bf54a4e15f2d08b6eed21ed3f57e7c588449b16dc6d57b4a1ce3e372d27d35f7c4ecbf5c9756926caa5b5
Score

10^/10

warzonerat infostealer persistence rat
- Modifies WinLogon for persistence
  persistence
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy