warzonerat | 9989f56522f74833b209e3db7b0d44420bea16890a7b48e9e70d66221e9cd0db | Triage

Sharing

General

Target

9989f56522f74833b209e3db7b0d44420bea16890a7b48e9e70d66221e9cd0db
Size

279KB
Sample

220521-ntc26seba4
MD5

404a3e292a15a44240636fb66bb69d38
SHA1

d9ccf2ae2e32ac546060df488d81faff2d714d56
SHA256

9989f56522f74833b209e3db7b0d44420bea16890a7b48e9e70d66221e9cd0db
SHA512

6859afacc3615bc6ea8135368affec5e51ca3abef89caa8cc7131c62462614bc83305f16b6a61bfa18134481dabd6adfe0b4d7fbefce288e6d48ce90d73b93cd

Score

10^/10

warzonerat infostealer persistence rat

Malware Config

Extracted

Family

warzonerat

C2

bestgrace.mywire.org:2442

Targets

- Target
  
  Revised DWG original copy for confirmation.exe
- Size
  
  304KB
- MD5
  
  5a04e8ab195a8c2278f554825477e931
- SHA1
  
  bcc1e7eb3039178af32d9f45341e3cb284e458ac
- SHA256
  
  949e65785ee74b4ee36a4ae53e734e8a59df3b0792213589fc17cc7fb48712da
- SHA512
  
  dc0639e33b653ce2cb532938a47c2765c4a6a186aa3ce0469c6df17aeb655ba64ebfff7d01eeb51f641140eeadd257e1266c90fd77dd5ddebab6fd2ca1040f0f
Score

10^/10

warzonerat infostealer persistence rat
- Modifies WinLogon for persistence
  persistence
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

warzoneratinfostealerpersistencerat