warzonerat | 111bed7d916dd97f632da64fb1c99beb86ab4a2dc13c0b066a8e2ecf8cb2158e | Triage

Submit
Reports

Overview

overview

Static

static

Payment slip.exe

windows7-x64

6

Payment slip.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

Payment slip.exe
Size

4.3MB
Sample

221031-sbk3aabcb6
MD5

80ecd0b6e261e2e72110d34ccd296106
SHA1

17b4719a0068340ddfac521c9a413386a94c0dc1
SHA256

111bed7d916dd97f632da64fb1c99beb86ab4a2dc13c0b066a8e2ecf8cb2158e
SHA512

dae000acd0dbd514c2182dff2b3641834af29b2168a0a11a001afa7278106acd79770f1fc80513462c52d8dd5a871b52dd8b3ed9052aaca4b94f2b10d181a6ef
SSDEEP

24576:hvaxvPJCJdkd0H2ma1rNFqOsx+7C9hvP9T8nrcXC7VNlwH4mQf+asgAWN5r4mN8+:

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

Payment slip.exe

Resource

win7-20220812-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payment slip.exe

Resource

win10v2004-20220812-en

warzonerat infostealer persistence rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

willia2.ddns.net:5059

Targets

- Target
  
  Payment slip.exe
- Size
  
  4.3MB
- MD5
  
  80ecd0b6e261e2e72110d34ccd296106
- SHA1
  
  17b4719a0068340ddfac521c9a413386a94c0dc1
- SHA256
  
  111bed7d916dd97f632da64fb1c99beb86ab4a2dc13c0b066a8e2ecf8cb2158e
- SHA512
  
  dae000acd0dbd514c2182dff2b3641834af29b2168a0a11a001afa7278106acd79770f1fc80513462c52d8dd5a871b52dd8b3ed9052aaca4b94f2b10d181a6ef
- SSDEEP
  
  24576:hvaxvPJCJdkd0H2ma1rNFqOsx+7C9hvP9T8nrcXC7VNlwH4mQf+asgAWN5r4mN8+:
Score

10^/10

persistence warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2025

Terms | Privacy