warzonerat | b5633b89bc09a7e0bfdb617572df279f2a08518ffe186ad3c372f2b53c210996 | Triage

Sharing

General

Target

feo.exe
Size

704KB
Sample

210528-z6y8fpynle
MD5

bc3c20b25e79e6ed82ba7ab84934067d
SHA1

5a18f78cf60c527c60a8b6f67c9857bdf4426be8
SHA256

b5633b89bc09a7e0bfdb617572df279f2a08518ffe186ad3c372f2b53c210996
SHA512

5b1d28f733c6e51a1c1cf6eb25e08cf0a53c64bb91fa730732b6fb7fe1a63b6ec370044fe6eb55c48982b5b1ed1a8a4ddd33e69eb2ab6b54f92ae400b326c7da

Score

10^/10

warzonerat infostealer persistence rat

Malware Config

Extracted

Family

warzonerat

C2

adebaree.duckdns.org:9145

Targets

- Target
  
  feo.exe
- Size
  
  704KB
- MD5
  
  bc3c20b25e79e6ed82ba7ab84934067d
- SHA1
  
  5a18f78cf60c527c60a8b6f67c9857bdf4426be8
- SHA256
  
  b5633b89bc09a7e0bfdb617572df279f2a08518ffe186ad3c372f2b53c210996
- SHA512
  
  5b1d28f733c6e51a1c1cf6eb25e08cf0a53c64bb91fa730732b6fb7fe1a63b6ec370044fe6eb55c48982b5b1ed1a8a4ddd33e69eb2ab6b54f92ae400b326c7da
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

warzoneratinfostealerpersistencerat