warzonerat | abe873564b0e32fc5bb87c9729451e45dcaea0c7687a982081a1b8eda7fdc9a1 | Triage

Sharing

General

Target

22.zip
Size

309KB
Sample

210616-cmqq25jn66
MD5

c90244e6a2ec258c36b9a7f32447c7b3
SHA1

d3a01f7277cba8885de7a1af73c84e568f614989
SHA256

abe873564b0e32fc5bb87c9729451e45dcaea0c7687a982081a1b8eda7fdc9a1
SHA512

9c5f096b715d4c976bc5dc690fc05bd61fb473cc66faea3a40e6f6108a9cf00ea1c01cefb1e9b5be79d724853ed8847594d8fc8c9e22dc508d87e4c2fb024e82

Score

10^/10

warzonerat infostealer persistence rat

Malware Config

Targets

- Target
  
  47016cd6498b7775702bafa55347999ef7407ab827c6077a4367032f43264bff.bin
- Size
  
  749KB
- MD5
  
  c7928d61219841af6d97ed429753aeaf
- SHA1
  
  3f4f4bea19147ae593b529ee0f070b7cbe562d5a
- SHA256
  
  47016cd6498b7775702bafa55347999ef7407ab827c6077a4367032f43264bff
- SHA512
  
  a06059e7462cb507c6d176389ffcb29ae62499b1c851b2e4076efde9d5d68a5ac83a74df99c671db339575aef6b756a4b9dca6d4ea1b7679ad7695b1161e1fa1
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

warzoneratinfostealerpersistencerat