warzonerat | 92a9815ec022fa578ffff992602b38249bbc96e22347437cf39045e89990cfee | Triage

Submit
Reports

Overview

overview

Static

static

image_1_fixed.exe

windows7-x64

image_1_fixed.exe

windows10-2004-x64

Sharing

General

Target

image_1_fixed.bin
Size

1.3MB
Sample

221112-zpzadshe57
MD5

6c619e498a706f721b253c37566be47c
SHA1

b74ca4f5f2c2f0636f60de96648e2825e2ab3a26
SHA256

92a9815ec022fa578ffff992602b38249bbc96e22347437cf39045e89990cfee
SHA512

d2fe0e0161935b9c20f3ec1d137b585ec20c0b6eab0e7b5c86ce75dec325db051d4030efd59415b40fd823b4759b66f4ebaa8b329ffe4f982e5fe4135f8253dc
SSDEEP

1536:I0jP7/L1B5rVmN8sxHv2M28ix8EUaJxWNB4u0OVE01:L1VmhaH8EFvWN0OVE0

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

image_1_fixed.exe

Resource

win7-20220901-en

warzonerat infostealer persistence rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

image_1_fixed.exe

Resource

win10v2004-20220812-en

warzonerat infostealer persistence rat

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

newvic.myvnc.com:4157

Targets

- Target
  
  image_1_fixed.bin
- Size
  
  1.3MB
- MD5
  
  6c619e498a706f721b253c37566be47c
- SHA1
  
  b74ca4f5f2c2f0636f60de96648e2825e2ab3a26
- SHA256
  
  92a9815ec022fa578ffff992602b38249bbc96e22347437cf39045e89990cfee
- SHA512
  
  d2fe0e0161935b9c20f3ec1d137b585ec20c0b6eab0e7b5c86ce75dec325db051d4030efd59415b40fd823b4759b66f4ebaa8b329ffe4f982e5fe4135f8253dc
- SSDEEP
  
  1536:I0jP7/L1B5rVmN8sxHv2M28ix8EUaJxWNB4u0OVE01:L1VmhaH8EFvWN0OVE0
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy