warzonerat | 681aa8558dca5f10c217f1a827f13305037803a454d83f2a4bdf69c06ab45271 | Triage

Submit
Reports

Overview

overview

Static

static

681aa8558d...71.exe

windows7_x64

681aa8558d...71.exe

windows10_x64

Sharing

General

Target

681aa8558dca5f10c217f1a827f13305037803a454d83f2a4bdf69c06ab45271
Size

1.2MB
Sample

210517-8qsxyg2r9x
MD5

8ff7ca1f9a9c31cba4a66e9b22328244
SHA1

5778d4fb2e2bb35fd6d30c3fbbb2f9573345dd6f
SHA256

681aa8558dca5f10c217f1a827f13305037803a454d83f2a4bdf69c06ab45271
SHA512

38caf5038227929e4bb6681815c084a807863cc3511982c259473ec237e77d847ce41110f9b4ec3a57e24c453906bbe942282a12c8132f1913b01605c71e8fa3

Score

10^/10

warzonerat aspackv2 evasion infostealer persistence rat

Static task

static1

rat aspackv2 warzonerat

Behavioral task

behavioral1

Sample

681aa8558dca5f10c217f1a827f13305037803a454d83f2a4bdf69c06ab45271.exe

Resource

win7v20210410

warzonerat aspackv2 evasion infostealer persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

681aa8558dca5f10c217f1a827f13305037803a454d83f2a4bdf69c06ab45271.exe

Resource

win10v20210410

warzonerat aspackv2 evasion infostealer persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  681aa8558dca5f10c217f1a827f13305037803a454d83f2a4bdf69c06ab45271
- Size
  
  1.2MB
- MD5
  
  8ff7ca1f9a9c31cba4a66e9b22328244
- SHA1
  
  5778d4fb2e2bb35fd6d30c3fbbb2f9573345dd6f
- SHA256
  
  681aa8558dca5f10c217f1a827f13305037803a454d83f2a4bdf69c06ab45271
- SHA512
  
  38caf5038227929e4bb6681815c084a807863cc3511982c259473ec237e77d847ce41110f9b4ec3a57e24c453906bbe942282a12c8132f1913b01605c71e8fa3
Score

10^/10

warzonerat aspackv2 evasion infostealer persistence rat
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rataspackv2warzonerat

behavioral1

warzonerataspackv2evasioninfostealerpersistencerat

behavioral2

warzonerataspackv2evasioninfostealerpersistencerat

© 2018-2024

Terms | Privacy