warzonerat | 5de84aa2add47410864a29eaeedae99fbd485681eedec214c9e7e65de36a5035 | Triage

Submit
Reports

Overview

overview

Static

static

Avast-install.exe

windows7_x64

Avast-install.exe

windows10_x64

Sharing

General

Target

Avast-install.ace
Size

842KB
Sample

210707-cz83gm1ebx
MD5

c028ef7fb63423a32ab156e5ed8885cd
SHA1

5258ca2434f659a0cffe25ba6ae54cbc1760a889
SHA256

5de84aa2add47410864a29eaeedae99fbd485681eedec214c9e7e65de36a5035
SHA512

b600a6fb98f48eae7acfece839fff416e665e4c66c0550b281613604e3152ea2615c9c64eee109a0fe026ca6c04d7b3bca94882501046d6a9dfcaa6206e5b4e6

Score

10^/10

warzonerat infostealer persistence rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Avast-install.exe

Resource

win7v20210408

warzonerat infostealer persistence rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Avast-install.exe

Resource

win10v20210410

warzonerat infostealer persistence rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

msteelwar.ddns.net:47680

Targets

- Target
  
  Avast-install.exe
- Size
  
  3.1MB
- MD5
  
  c0096c0b89bd0f639eda7ac0c2ace030
- SHA1
  
  e470692a6e9fe2533edfacc9646b8b85a63e39a8
- SHA256
  
  a90d8742974ccf9df7d736eed7b071aa280c614368dd18114edd8384d9506621
- SHA512
  
  a0e53925fb081937130f1d6fb60f448edde4d6e4fa80c88167459931eae023699b3d2e593b41a22f2d6dd93f51056c0925dc0f3b91d086f23c4d9bef060d4651
Score

10^/10

warzonerat infostealer persistence rat spyware stealer
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistenceratspywarestealer

behavioral2

warzoneratinfostealerpersistenceratspywarestealer

© 2018-2024

Terms | Privacy