warzonerat | 38d6bfa22e0921e6d7bc625f64ef700d87bdf7d00cf4896c4f39e86cb2731ccc | Triage

Submit
Reports

Overview

overview

Static

static

DHL Receip...nt.exe

windows7_x64

3

DHL Receip...nt.exe

windows10_x64

Sharing

General

Target

DHL Receipt Document.exe
Size

1.2MB
Sample

220405-sklp6sceck
MD5

fbdfab37fbd0f2a74ba0efd0cd0bb5eb
SHA1

5f7122630d83ad50f15b1774221a55441cf8b76c
SHA256

38d6bfa22e0921e6d7bc625f64ef700d87bdf7d00cf4896c4f39e86cb2731ccc
SHA512

992429697e66dfb05374114f4537bc4ecede5e49bc79d78372e82bcf1d1bf220ba43bc7722ff01c89ed8c9d06107c32f33f10d02ce7e24c4700a67297f7bea82

Score

10^/10

warzonerat evasion infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

DHL Receipt Document.exe

Resource

win7-20220331-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DHL Receipt Document.exe

Resource

win10-20220331-en

warzonerat evasion infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

grace2nation.ddns.net:8657

Targets

- Target
  
  DHL Receipt Document.exe
- Size
  
  1.2MB
- MD5
  
  fbdfab37fbd0f2a74ba0efd0cd0bb5eb
- SHA1
  
  5f7122630d83ad50f15b1774221a55441cf8b76c
- SHA256
  
  38d6bfa22e0921e6d7bc625f64ef700d87bdf7d00cf4896c4f39e86cb2731ccc
- SHA512
  
  992429697e66dfb05374114f4537bc4ecede5e49bc79d78372e82bcf1d1bf220ba43bc7722ff01c89ed8c9d06107c32f33f10d02ce7e24c4700a67297f7bea82
Score

10^/10

warzonerat evasion infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Looks for VirtualBox Guest Additions in registry
  evasion
- Warzone RAT Payload
  rat
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

warzoneratevasioninfostealerrat

© 2018-2024

Terms | Privacy