warzonerat | 479602f23ad386779cd1329f35f27b7ea9bdc4aab103b07c8c78ed842827a078 | Triage

Sharing

General

Target

0x00070000000132e5-55.dat
Size

132KB
Sample

221120-t54xxsaf24
MD5

5cf52aea15ebdef8a216f5a3d4f44c73
SHA1

b7394c7347b84db2d878e9deb260862d51023dd4
SHA256

479602f23ad386779cd1329f35f27b7ea9bdc4aab103b07c8c78ed842827a078
SHA512

230112cc5fad35c11b70d610c93ac97e5c7a74c7f205b3b23faeb08efd679c8dd2969dc464272f3acdd10d6a32aa25e20e2e136550cfe399afbbb1d0928ffe4b
SSDEEP

3072:K7W9jps0Tx4azG6GweOTir5axbjNCz45LT7a:KwpsERzGKurEXCzeLT7a

Score

10^/10

warzonerat infostealer persistence rat

Malware Config

Extracted

Family

warzonerat

C2

45.139.105.147:5200

Targets

- Target
  
  0x00070000000132e5-55.dat
- Size
  
  132KB
- MD5
  
  5cf52aea15ebdef8a216f5a3d4f44c73
- SHA1
  
  b7394c7347b84db2d878e9deb260862d51023dd4
- SHA256
  
  479602f23ad386779cd1329f35f27b7ea9bdc4aab103b07c8c78ed842827a078
- SHA512
  
  230112cc5fad35c11b70d610c93ac97e5c7a74c7f205b3b23faeb08efd679c8dd2969dc464272f3acdd10d6a32aa25e20e2e136550cfe399afbbb1d0928ffe4b
- SSDEEP
  
  3072:K7W9jps0Tx4azG6GweOTir5axbjNCz45LT7a:KwpsERzGKurEXCzeLT7a
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

warzoneratinfostealerpersistencerat