warzonerat | 0ef9a5163ff41cc93ce7ad3ae8501298ac75eacfbd8395d3ae3f72b2586b746f | Triage

Submit
Reports

Overview

overview

Static

static

75819abac2...10.exe

windows7-x64

75819abac2...10.exe

windows10-2004-x64

Sharing

General

Target

75819abac26d3f25688715697c14ea10.exe
Size

803KB
Sample

221114-qc774abg36
MD5

75819abac26d3f25688715697c14ea10
SHA1

2be013e7f9988bf6c00193d1479a276d080fabcc
SHA256

0ef9a5163ff41cc93ce7ad3ae8501298ac75eacfbd8395d3ae3f72b2586b746f
SHA512

33b257d5dd4c89bf2326d76e84604c3d1dfc0e34201ae01d4d3846173da6eafcbe472588f9d503bad2f40cc15968dfedac3cf5316cdb31b0f03bcbdbac02e328
SSDEEP

12288:2oAviU251k9btMOKdACf8uHts5oegqVBQva5TsyhdgxJU25:2oAxoOhMVAZuHG5XbyiKEKk25

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

75819abac26d3f25688715697c14ea10.exe

Resource

win7-20220812-en

warzonerat infostealer persistence rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

75819abac26d3f25688715697c14ea10.exe

Resource

win10v2004-20220901-en

warzonerat infostealer persistence rat

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

newvic.myvnc.com:4157

Targets

- Target
  
  75819abac26d3f25688715697c14ea10.exe
- Size
  
  803KB
- MD5
  
  75819abac26d3f25688715697c14ea10
- SHA1
  
  2be013e7f9988bf6c00193d1479a276d080fabcc
- SHA256
  
  0ef9a5163ff41cc93ce7ad3ae8501298ac75eacfbd8395d3ae3f72b2586b746f
- SHA512
  
  33b257d5dd4c89bf2326d76e84604c3d1dfc0e34201ae01d4d3846173da6eafcbe472588f9d503bad2f40cc15968dfedac3cf5316cdb31b0f03bcbdbac02e328
- SSDEEP
  
  12288:2oAviU251k9btMOKdACf8uHts5oegqVBQva5TsyhdgxJU25:2oAxoOhMVAZuHG5XbyiKEKk25
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy