warzonerat | eeb9abcea9e7dba40329aa5bcb09ce413b7a604c55dbd5b6762c325faaaaf63e | Triage

Submit
Reports

Overview

overview

Static

static

New_202017...84.exe

windows7_x64

New_202017...84.exe

windows10-2004_x64

Sharing

General

Target

eeb9abcea9e7dba40329aa5bcb09ce413b7a604c55dbd5b6762c325faaaaf63e
Size

377KB
Sample

220521-n5aq7aefd2
MD5

243c7f90732732f83d208de9f687f601
SHA1

8c051f8b052f7c6c6ba8996b5c201d0cd07f2d3a
SHA256

eeb9abcea9e7dba40329aa5bcb09ce413b7a604c55dbd5b6762c325faaaaf63e
SHA512

908db59f383aba318fbd64836ab47a42b6354e694f7d808c1caf5cd82be3b0265e9f163db4f849b83e3c277a9adb2e32e0f0c1969df8d9ce2563740023cd9699

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

New_202017083636353552679474747484.exe

Resource

win7-20220414-en

warzonerat infostealer persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

New_202017083636353552679474747484.exe

Resource

win10v2004-20220414-en

warzonerat infostealer persistence rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

185.244.30.94:2626

Targets

- Target
  
  New_202017083636353552679474747484.exe
- Size
  
  423KB
- MD5
  
  64dec1f99745e0832850745e025df14c
- SHA1
  
  95af4fa6ec93dc33506549369cb45afd24e9fb4a
- SHA256
  
  109c732fb8dab15970fff8c7b9bae65b2f29edd8bef809518ddcaca8bd5ddfbb
- SHA512
  
  436c54b0dcab72fb0d776915f0753ee83b902b3d8ffb9a6c0cfbed8a6337c57c672b9b55e970aa7f8e4c39213f68d6082dc39265a83416b02fb48e0f0bedd2a4
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy