warzonerat | a8e9ff8520a1ddf67e25641f39246976117be887b68d8bc24c890ae511723254 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...17.exe

windows7_x64

1

SecuriteIn...17.exe

windows10_x64

Sharing

General

Target

SecuriteInfo.com.Trojan.Win32.Save.a.16917.11217
Size

1.3MB
Sample

210608-8a1k28atka
MD5

e7e098ec6c3ca85ffd4cb7f2c4605311
SHA1

8d300f5e2ca8375173de14d4319209f16fc1c10e
SHA256

a8e9ff8520a1ddf67e25641f39246976117be887b68d8bc24c890ae511723254
SHA512

4ba3b152268116d36c33e5e1a7f079b907d68465084da8725225b08de4ffaadc42bc9464806b359ab197031be2bb7554c1d422773f66bc469b2701d96a0b77d0

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Trojan.Win32.Save.a.16917.11217.exe

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Trojan.Win32.Save.a.16917.11217.exe

Resource

win10v20210410

warzonerat infostealer persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

79.134.225.94:5352

Targets

- Target
  
  SecuriteInfo.com.Trojan.Win32.Save.a.16917.11217
- Size
  
  1.3MB
- MD5
  
  e7e098ec6c3ca85ffd4cb7f2c4605311
- SHA1
  
  8d300f5e2ca8375173de14d4319209f16fc1c10e
- SHA256
  
  a8e9ff8520a1ddf67e25641f39246976117be887b68d8bc24c890ae511723254
- SHA512
  
  4ba3b152268116d36c33e5e1a7f079b907d68465084da8725225b08de4ffaadc42bc9464806b359ab197031be2bb7554c1d422773f66bc469b2701d96a0b77d0
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy