warzonerat | abf24499470a3d16f45c1b747820a07784a1f98a5e29b2eb8414adcefe83012b | Triage

Submit
Reports

Overview

overview

Static

static

Bank Slip_...-B.scr

windows7_x64

Bank Slip_...-B.scr

windows10_x64

Sharing

General

Target

Bank Slip_SC -038-20210303-B.scr
Size

1.1MB
Sample

210701-1j9ba3dmkx
MD5

0de04896312059da5e706416636ce15d
SHA1

d4b032118b54ef9772898e3db50c7524fbab9714
SHA256

abf24499470a3d16f45c1b747820a07784a1f98a5e29b2eb8414adcefe83012b
SHA512

5334242bc77d921b5ffb0b2883ece61abd47b90eb3c038e922b4b89542a4d8dba147273c173281a80b9b4476e1c5e84cd942b0dc618d911e33badeb962358823

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

Bank Slip_SC -038-20210303-B.scr

Resource

win7v20210410

warzonerat infostealer persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Bank Slip_SC -038-20210303-B.scr

Resource

win10v20210410

warzonerat infostealer persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

79.134.225.119:9584

Targets

- Target
  
  Bank Slip_SC -038-20210303-B.scr
- Size
  
  1.1MB
- MD5
  
  0de04896312059da5e706416636ce15d
- SHA1
  
  d4b032118b54ef9772898e3db50c7524fbab9714
- SHA256
  
  abf24499470a3d16f45c1b747820a07784a1f98a5e29b2eb8414adcefe83012b
- SHA512
  
  5334242bc77d921b5ffb0b2883ece61abd47b90eb3c038e922b4b89542a4d8dba147273c173281a80b9b4476e1c5e84cd942b0dc618d911e33badeb962358823
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy