warzonerat | dc861ce845058409c19525c9928b84742465ce42f5c8ae821f518d582669540e | Triage

Submit
Reports

Overview

overview

Static

static

dc861ce845...0e.exe

windows7_x64

dc861ce845...0e.exe

windows10_x64

Sharing

General

Target

dc861ce845058409c19525c9928b84742465ce42f5c8ae821f518d582669540e
Size

1.2MB
Sample

210517-khmmll237x
MD5

522470db29dd1fec8b3543980178c9dc
SHA1

b6c47786e6c8484e6b2b5b6848fb6e3554d9dd60
SHA256

dc861ce845058409c19525c9928b84742465ce42f5c8ae821f518d582669540e
SHA512

8aa3b08d0ea1d1bb8ff968359639af808f81dd28d9b5197ef7107c77390e46fd82b9f830132c8d48ee34764b3b2cd95b52e24eb4b26c26cd454b6daa4de3e7b0

Score

10^/10

warzonerat aspackv2 evasion infostealer persistence rat

Static task

static1

rat aspackv2 warzonerat

Behavioral task

behavioral1

Sample

dc861ce845058409c19525c9928b84742465ce42f5c8ae821f518d582669540e.exe

Resource

win7v20210410

warzonerat aspackv2 evasion infostealer persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

dc861ce845058409c19525c9928b84742465ce42f5c8ae821f518d582669540e.exe

Resource

win10v20210408

warzonerat aspackv2 evasion infostealer persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  dc861ce845058409c19525c9928b84742465ce42f5c8ae821f518d582669540e
- Size
  
  1.2MB
- MD5
  
  522470db29dd1fec8b3543980178c9dc
- SHA1
  
  b6c47786e6c8484e6b2b5b6848fb6e3554d9dd60
- SHA256
  
  dc861ce845058409c19525c9928b84742465ce42f5c8ae821f518d582669540e
- SHA512
  
  8aa3b08d0ea1d1bb8ff968359639af808f81dd28d9b5197ef7107c77390e46fd82b9f830132c8d48ee34764b3b2cd95b52e24eb4b26c26cd454b6daa4de3e7b0
Score

10^/10

warzonerat aspackv2 evasion infostealer persistence rat
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rataspackv2warzonerat

behavioral1

warzonerataspackv2evasioninfostealerpersistencerat

behavioral2

warzonerataspackv2evasioninfostealerpersistencerat

© 2018-2024

Terms | Privacy