warzonerat | 40d4ee1e0fa412176d826027c500bfbc29ee4c65bfd13dcec2f0facd0021399c | Triage

Submit
Reports

Overview

overview

Static

static

90aced49ee...3d.exe

windows7_x64

90aced49ee...3d.exe

windows10_x64

Sharing

General

Target

90aced49ee9c5ce3fc9f47ba8fd7333d.exe
Size

1.5MB
Sample

210412-7529p6tq4j
MD5

90aced49ee9c5ce3fc9f47ba8fd7333d
SHA1

80aff2fec277427a40de384be7c8119a19354166
SHA256

40d4ee1e0fa412176d826027c500bfbc29ee4c65bfd13dcec2f0facd0021399c
SHA512

20e1d46f938eb1bf90178769074e1d6a247683d77a52776b047a4f02ad90a298dd93f641a25e9affcf08bb1a767025f70e6a628d6fa24154282abdb30b8cdecc

Score

10^/10

warzonerat infostealer persistence rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

90aced49ee9c5ce3fc9f47ba8fd7333d.exe

Resource

win7v20201028

warzonerat infostealer persistence rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

90aced49ee9c5ce3fc9f47ba8fd7333d.exe

Resource

win10v20201028

warzonerat infostealer persistence rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

101.99.91.200:5200

Targets

- Target
  
  90aced49ee9c5ce3fc9f47ba8fd7333d.exe
- Size
  
  1.5MB
- MD5
  
  90aced49ee9c5ce3fc9f47ba8fd7333d
- SHA1
  
  80aff2fec277427a40de384be7c8119a19354166
- SHA256
  
  40d4ee1e0fa412176d826027c500bfbc29ee4c65bfd13dcec2f0facd0021399c
- SHA512
  
  20e1d46f938eb1bf90178769074e1d6a247683d77a52776b047a4f02ad90a298dd93f641a25e9affcf08bb1a767025f70e6a628d6fa24154282abdb30b8cdecc
Score

10^/10

warzonerat infostealer persistence rat spyware stealer
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Sets DLL path for service in the registry
  persistence
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistenceratspywarestealer

behavioral2

warzoneratinfostealerpersistenceratspywarestealer

© 2018-2024

Terms | Privacy