warzonerat | 3227adef3bb92d94337e08fba6b7a73dbc93b06239d6af04625c571f6755fd6e | Triage

Analysis

max time kernel
146s
max time network
151s
platform
windows10_x64
resource
win10v20210408
submitted
10-07-2021 11:02

Sharing

Report Analysis Logs

General

Target

c62b1fdc546779ba469db64d1cb60e22.exe
Size

113KB
MD5

c62b1fdc546779ba469db64d1cb60e22
SHA1

4ed27e66827e84742e9bf004a946ef885eb63339
SHA256

3227adef3bb92d94337e08fba6b7a73dbc93b06239d6af04625c571f6755fd6e
SHA512

05da8cbf014406d10d9273707ac0c4524176bff8da11340a93c86380f5bcdbc95f63e0c4bc7ac072cc2a4d77972554d1e75f945943ac7b1793bf89f05e3c4197

Score

10^/10

warzonerat infostealer rat

Malware Config

Signatures

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat

Drops startup file 2 IoCs

Processes:

c62b1fdc546779ba469db64d1cb60e22.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat	c62b1fdc546779ba469db64d1cb60e22.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat:start	c62b1fdc546779ba469db64d1cb60e22.exe

NTFS ADS 2 IoCs

Processes:

c62b1fdc546779ba469db64d1cb60e22.exe

description	ioc	process
File created	C:\ProgramData:ApplicationData	c62b1fdc546779ba469db64d1cb60e22.exe
File opened for modification	C:\ProgramData:ApplicationData	c62b1fdc546779ba469db64d1cb60e22.exe

C:\Users\Admin\AppData\Local\Temp\c62b1fdc546779ba469db64d1cb60e22.exe
"C:\Users\Admin\AppData\Local\Temp\c62b1fdc546779ba469db64d1cb60e22.exe"
1⤵
- Drops startup file
- NTFS ADS
PID:504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...