warzonerat | 1978a07d1ccf042531af3f62bc5228df04f10c9b9b0a6a61ebc98df839bec2f6 | Triage

Submit
Reports

Overview

overview

Static

static

1978a07d1c...f6.exe

windows7-x64

1978a07d1c...f6.exe

windows10-2004-x64

Sharing

General

Target

1978a07d1ccf042531af3f62bc5228df04f10c9b9b0a6a61ebc98df839bec2f6.exe
Size

293KB
Sample

221109-p1fx3saefj
MD5

c39e109ba4d5c3d70f28b118f6b7492c
SHA1

06acfb0e75f00480cdde224aac25a7987b24fec5
SHA256

1978a07d1ccf042531af3f62bc5228df04f10c9b9b0a6a61ebc98df839bec2f6
SHA512

99aa51a58f6ff32004899b05f5afdf8f71044dbb9e750e04e31004726faea98445a0ceb9c7fccc603cccc84f56cd048744be090e77b365e9353a99bebbb02cc1
SSDEEP

6144:72GhN2db088fTdUuNU0we+HPps1zcJLVPzGKl5vGlEjqNHk:72iNG088fTWsU0wJBsGJPf

Score

10^/10

warzonerat infostealer rat rezer0

Static task

static1

Behavioral task

behavioral1

Sample

1978a07d1ccf042531af3f62bc5228df04f10c9b9b0a6a61ebc98df839bec2f6.exe

Resource

win7-20220901-en

warzonerat infostealer rat rezer0

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1978a07d1ccf042531af3f62bc5228df04f10c9b9b0a6a61ebc98df839bec2f6.exe

Resource

win10v2004-20220812-en

warzonerat infostealer rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

168.61.222.215:5400

Targets

- Target
  
  1978a07d1ccf042531af3f62bc5228df04f10c9b9b0a6a61ebc98df839bec2f6.exe
- Size
  
  293KB
- MD5
  
  c39e109ba4d5c3d70f28b118f6b7492c
- SHA1
  
  06acfb0e75f00480cdde224aac25a7987b24fec5
- SHA256
  
  1978a07d1ccf042531af3f62bc5228df04f10c9b9b0a6a61ebc98df839bec2f6
- SHA512
  
  99aa51a58f6ff32004899b05f5afdf8f71044dbb9e750e04e31004726faea98445a0ceb9c7fccc603cccc84f56cd048744be090e77b365e9353a99bebbb02cc1
- SSDEEP
  
  6144:72GhN2db088fTdUuNU0we+HPps1zcJLVPzGKl5vGlEjqNHk:72iNG088fTWsU0wJBsGJPf
Score

10^/10

warzonerat infostealer rat rezer0
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Warzone RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerratrezer0

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy