warzonerat | 9a825ee20f777192913e6c02d8038cdb34907bbcfdec074f664516668f7d1339 | Triage

Submit
Reports

Overview

overview

Static

static

fd27da88_b...is.exe

windows7_x64

fd27da88_b...is.exe

windows10_x64

Sharing

General

Target

fd27da88_by_Libranalysis
Size

1.8MB
Sample

210505-49dh39zf96
MD5

fd27da880372209151379289b0e57d11
SHA1

9d9236804d7a0574ebff234bec1bea519497c27f
SHA256

9a825ee20f777192913e6c02d8038cdb34907bbcfdec074f664516668f7d1339
SHA512

d69b43d30cefdf0255c96763f1e53469ff3c0b1dada711b606959616e7af0608fd4cdc6e4b86b2cf174fb856e6ab01f089d6bf295217f6966c8b2576b34c338d

Score

10^/10

warzonerat evasion infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

fd27da88_by_Libranalysis.exe

Resource

win7v20210410

warzonerat evasion infostealer persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

fd27da88_by_Libranalysis.exe

Resource

win10v20210410

warzonerat evasion infostealer persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  fd27da88_by_Libranalysis
- Size
  
  1.8MB
- MD5
  
  fd27da880372209151379289b0e57d11
- SHA1
  
  9d9236804d7a0574ebff234bec1bea519497c27f
- SHA256
  
  9a825ee20f777192913e6c02d8038cdb34907bbcfdec074f664516668f7d1339
- SHA512
  
  d69b43d30cefdf0255c96763f1e53469ff3c0b1dada711b606959616e7af0608fd4cdc6e4b86b2cf174fb856e6ab01f089d6bf295217f6966c8b2576b34c338d
Score

10^/10

warzonerat evasion infostealer persistence rat
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratevasioninfostealerpersistencerat

behavioral2

warzoneratevasioninfostealerpersistencerat

© 2018-2024

Terms | Privacy