warzonerat | 2a821f47990a24c0b9dc1d9cb6c2e21e231a2dde273f7bd329afaf042dcd16e6 | Triage

Submit
Reports

Overview

overview

Static

static

1

New Order.exe

windows7-x64

New Order.exe

windows10-2004-x64

8

Sharing

General

Target

New Order.zip
Size

156KB
Sample

221114-mr9gxsbh9w
MD5

59e255e0aab152ed57a7e5964f990822
SHA1

f8cfb2071f21aa1ae8220e7e8f6a6eac43f1a428
SHA256

2a821f47990a24c0b9dc1d9cb6c2e21e231a2dde273f7bd329afaf042dcd16e6
SHA512

302544f7b1134c0310bf8d0b3772dbc7fb7a70317e494b613ebdf91393a4519419c6082bc1eec0dab0851b1cbe0b9d602090be30173b935b7c56b86d41bc86f6
SSDEEP

3072:nCC3QJUMCl0m/MkefnhcMTVQX5/8vJcztxSudG54QmwkloHypfT3xAt6tG:nCC3+ClnMrfnhcwvJzD5473LxxAGG

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

New Order.exe

Resource

win7-20220901-en

warzonerat infostealer persistence rat

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

New Order.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

rajsavindia.hopto.org:5067

Targets

- Target
  
  New Order.exe
- Size
  
  182KB
- MD5
  
  87f1fa2cbb6d89478f3410e4275ee136
- SHA1
  
  eadfde48ac259605190da64fb577314e744f7e40
- SHA256
  
  aea7a35212e49f49012cdfffd1439eb1ad9e6e761345b17ebcfbc5a8dd9dd7a5
- SHA512
  
  81b865a594be3f7141ba78fa93c743dfbd43e99dada8bf87cfdda2c0783ec1ba258599bc9335ba698281624cfcfe4be0bec4935de6809b88d25e34284c9a2f75
- SSDEEP
  
  3072:WYJSq+ytGIon9KcHJnmZ6Fl2SfwM5p/jSalX5/8vJ+ztxoudG54QMwkloHYp4iqx:TEa0+Wz55hSvJFD54n3vKiCv7B
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

© 2018-2024

Terms | Privacy