warzonerat | 99132457ab16ed22ad2581ad07c1f4bbd07c4adcb12e39e74df9d150f13c84b7 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

99132457ab16ed22ad2581ad07c1f4bbd07c4adcb12e39e74df9d150f13c84b7
Size

52KB
Sample

211014-xscvfsahgn
MD5

1bd356bd20a2de1c53bc28104ee97d18
SHA1

a32e710ebd3613e65fa90bd8824995bbff83794e
SHA256

99132457ab16ed22ad2581ad07c1f4bbd07c4adcb12e39e74df9d150f13c84b7
SHA512

6ff5deb8b34c24fdb5eaf7bfcf155d7afeddd553d61a9d61421f34fdabb6a8d0cd89c54ef0654d79988f4c52bf148ea85acdd409e2eada88636747ea0bd85fd8

Score

10^/10

warzonerat evasion infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

99132457ab16ed22ad2581ad07c1f4bbd07c4adcb12e39e74df9d150f13c84b7.exe

Resource

win10-en-20210920

warzonerat evasion infostealer rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

185.140.53.199:5200

Targets

- Target
  
  99132457ab16ed22ad2581ad07c1f4bbd07c4adcb12e39e74df9d150f13c84b7
- Size
  
  52KB
- MD5
  
  1bd356bd20a2de1c53bc28104ee97d18
- SHA1
  
  a32e710ebd3613e65fa90bd8824995bbff83794e
- SHA256
  
  99132457ab16ed22ad2581ad07c1f4bbd07c4adcb12e39e74df9d150f13c84b7
- SHA512
  
  6ff5deb8b34c24fdb5eaf7bfcf155d7afeddd553d61a9d61421f34fdabb6a8d0cd89c54ef0654d79988f4c52bf148ea85acdd409e2eada88636747ea0bd85fd8
Score

10^/10

warzonerat evasion infostealer rat trojan
- Turns off Windows Defender SpyNet reporting
  evasion
- UAC bypass
  evasion trojan
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Windows security bypass
  evasion trojan
- Nirsoft
- Warzone RAT Payload
  rat
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Disabling Security Tools

Modify Registry

Bypass User Account Control

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratevasioninfostealerrattrojan

© 2018-2024

Terms | Privacy