warzonerat | 27fd2ab0bbd65cbe5625932fa7ab1f484a06cbdff8868129f10cd92321d99daf | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

27fd2ab0bbd65cbe5625932fa7ab1f484a06cbdff8868129f10cd92321d99daf
Size

951KB
Sample

220923-g92xxaddb9
MD5

87b246b26208a9831a4372664c518c2c
SHA1

1599cbf0ee49dcb787866fbb7c297094ecd3ab4f
SHA256

27fd2ab0bbd65cbe5625932fa7ab1f484a06cbdff8868129f10cd92321d99daf
SHA512

4e7f5a217dbcd34eaadf867cd75acb23ae01730794ae8ac23a2428be5160fa8dff78b5b3e202a1e898e73126cea4fe19bf6a9f6457d136433d61e16435d69ff1
SSDEEP

12288:ahLuyAHrR2ZEgL6+8ik8VuLCBTodngkt8OsyqAx+NbqzjMRZeFoTPo:ahLuyyNmadFdgsF+NZRZeFgo

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

27fd2ab0bbd65cbe5625932fa7ab1f484a06cbdff8868129f10cd92321d99daf.exe

Resource

win10v2004-20220812-en

warzonerat infostealer rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

20.126.95.155:7800

Targets

- Target
  
  27fd2ab0bbd65cbe5625932fa7ab1f484a06cbdff8868129f10cd92321d99daf
- Size
  
  951KB
- MD5
  
  87b246b26208a9831a4372664c518c2c
- SHA1
  
  1599cbf0ee49dcb787866fbb7c297094ecd3ab4f
- SHA256
  
  27fd2ab0bbd65cbe5625932fa7ab1f484a06cbdff8868129f10cd92321d99daf
- SHA512
  
  4e7f5a217dbcd34eaadf867cd75acb23ae01730794ae8ac23a2428be5160fa8dff78b5b3e202a1e898e73126cea4fe19bf6a9f6457d136433d61e16435d69ff1
- SSDEEP
  
  12288:ahLuyAHrR2ZEgL6+8ik8VuLCBTodngkt8OsyqAx+NbqzjMRZeFoTPo:ahLuyyNmadFdgsF+NZRZeFgo
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy