warzonerat | b59b27b89189fc7fd98bc8f8a70d7d500907439cba4303c1eb812532fa2bc96f | Triage

Submit
Reports

Overview

overview

Static

static

Swift.exe

windows7_x64

8

Swift.exe

windows10_x64

Sharing

General

Target

Swift.exe
Size

838KB
Sample

210413-g4mpxhbp5a
MD5

4832512b0139507f1a4d1a9bcb9858ee
SHA1

386eac6f001a27066eb01bc5dd89930572b72a95
SHA256

b59b27b89189fc7fd98bc8f8a70d7d500907439cba4303c1eb812532fa2bc96f
SHA512

41bc5d6d1debd31c438f92c3acd656ccc5355dbe887cde06b4cb5d6f1a203cb1444757d587eafbcb49e417578f588a8724f38427859c7a63cc31be8cf08fc99b

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

Swift.exe

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Swift.exe

Resource

win10v20210408

warzonerat infostealer persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

cbngroup.duckdns.org:38050

Targets

- Target
  
  Swift.exe
- Size
  
  838KB
- MD5
  
  4832512b0139507f1a4d1a9bcb9858ee
- SHA1
  
  386eac6f001a27066eb01bc5dd89930572b72a95
- SHA256
  
  b59b27b89189fc7fd98bc8f8a70d7d500907439cba4303c1eb812532fa2bc96f
- SHA512
  
  41bc5d6d1debd31c438f92c3acd656ccc5355dbe887cde06b4cb5d6f1a203cb1444757d587eafbcb49e417578f588a8724f38427859c7a63cc31be8cf08fc99b
Score

10^/10

persistence warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy