warzonerat | f76a6159bfa4a475f623a5969e9ed6f83dc9ba382a0a0e39332507fca8fc06b8 | Triage

Submit
Reports

Overview

overview

Static

static

Payroll Oc...25.xls

windows7_x64

Payroll Oc...25.xls

windows10_x64

Sharing

General

Target

Payroll October_25.xls
Size

35KB
Sample

211025-yj1etshdgr
MD5

2cd1c85653a455037cc06e28f618cadd
SHA1

1c73eecf53204098c00396764f440e94e226e85f
SHA256

f76a6159bfa4a475f623a5969e9ed6f83dc9ba382a0a0e39332507fca8fc06b8
SHA512

0e6a0eaea95e27be9cee58300c99199bdb307e63672ee68dcc518974014e0a06bd6f9a5ee79df2353d2a99af4f1df54e94e2d08417490bc1912d1d5435426b2b

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

Payroll October_25.xls

Resource

win7-en-20211014

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Payroll October_25.xls

Resource

win10-en-20210920

warzonerat infostealer persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

mobibagugu.duckdns.org:666

Targets

- Target
  
  Payroll October_25.xls
- Size
  
  35KB
- MD5
  
  2cd1c85653a455037cc06e28f618cadd
- SHA1
  
  1c73eecf53204098c00396764f440e94e226e85f
- SHA256
  
  f76a6159bfa4a475f623a5969e9ed6f83dc9ba382a0a0e39332507fca8fc06b8
- SHA512
  
  0e6a0eaea95e27be9cee58300c99199bdb307e63672ee68dcc518974014e0a06bd6f9a5ee79df2353d2a99af4f1df54e94e2d08417490bc1912d1d5435426b2b
Score

10^/10

persistence warzonerat infostealer rat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy