warzonerat | 584849c842b59f3282d73d0b1591f73a52238fcbcfeb67309d1e7ef35f0aea65 | Triage

Submit
Reports

Overview

overview

Static

static

584849c842...65.exe

windows7_x64

584849c842...65.exe

windows10_x64

Sharing

General

Target

584849c842b59f3282d73d0b1591f73a52238fcbcfeb67309d1e7ef35f0aea65
Size

1.8MB
Sample

210517-868vw8dbk2
MD5

2730bcc7aa4ae9d65374588570b80240
SHA1

5d0901753757058bcefe5dc9f965e988b7e01bf4
SHA256

584849c842b59f3282d73d0b1591f73a52238fcbcfeb67309d1e7ef35f0aea65
SHA512

8eace7632cabf644a2a1a6b08f40ceda01b08a1371e3f1d141cdb9a91fca5197d2a659a550250bc455e965e358b5880ea9ee971efd4e8ca53dcf214e37e67a0f

Score

10^/10

warzonerat evasion infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

584849c842b59f3282d73d0b1591f73a52238fcbcfeb67309d1e7ef35f0aea65.exe

Resource

win7v20210410

warzonerat evasion infostealer persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

584849c842b59f3282d73d0b1591f73a52238fcbcfeb67309d1e7ef35f0aea65.exe

Resource

win10v20210410

warzonerat evasion infostealer persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  584849c842b59f3282d73d0b1591f73a52238fcbcfeb67309d1e7ef35f0aea65
- Size
  
  1.8MB
- MD5
  
  2730bcc7aa4ae9d65374588570b80240
- SHA1
  
  5d0901753757058bcefe5dc9f965e988b7e01bf4
- SHA256
  
  584849c842b59f3282d73d0b1591f73a52238fcbcfeb67309d1e7ef35f0aea65
- SHA512
  
  8eace7632cabf644a2a1a6b08f40ceda01b08a1371e3f1d141cdb9a91fca5197d2a659a550250bc455e965e358b5880ea9ee971efd4e8ca53dcf214e37e67a0f
Score

10^/10

warzonerat evasion infostealer persistence rat
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratevasioninfostealerpersistencerat

behavioral2

warzoneratevasioninfostealerpersistencerat

© 2018-2024

Terms | Privacy