894c5373ef237ed4ac23126973dbc1862929a4d175039c42673a6acf2486a9fd

Target

Size

418KB

Sample

220521-xaj6tabcf9

Score

10 ^/10

MD5

bed2d285f1b7b393ce53932c805d28b6

SHA1

bb87dad8d47155b900e7c36f57cece9fd3f294ca

SHA256

894c5373ef237ed4ac23126973dbc1862929a4d175039c42673a6acf2486a9fd

SHA512

2ce19275a35221341821b1dc91659f16955cc3aadaf449da4636d65f8eb092b410cf9a85e4dc001ae1824d71fb87d39a6823298113be6f485d181d67db685117

Extracted

Family	warzonerat
C2	79.134.225.40:5200 79.134.225.40:5200

Target

New Order.exe

MD5

fb5b35716632d1ec30f13ea6c1c8ac69

Filesize

1MB

Score

10^/10

SHA1

c4a066ecb0e73b431561eb5f209af51e361f0467

SHA256

a33a4dcab1d0b4c87dc0041862aef871d365273a0baa94162ef4ff85af51c578

SHA512

c1028ab4f4830c1166ba393ac1fff986e6c6cb9ada84af54c707998342005297e3abb16129368c2420cecebd4877d11edc9dca1ed118eabe349521e58139245b

Signatures

WarzoneRat, AveMaria
Description

WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Tags

rat infostealer warzonerat
Warzone RAT Payload
Tags

rat
Executes dropped EXE
Drops startup file
Loads dropped DLL
Adds Run key to start application
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

static1

behavioral1

warzonerat infostealer persistence rat

10^/10

behavioral2

warzonerat infostealer persistence rat

10^/10

Extracted

Tags

Signatures

WarzoneRat, AveMaria

Description

Tags

Warzone RAT Payload

Tags

Executes dropped EXE

Drops startup file

Loads dropped DLL

Adds Run key to start application

Tags

TTPs

Related Tasks

static1

behavioral1

behavioral2