warzonerat | 295f71220bf75ffa4c74ec9e8635e8775be9709fac617e919bc09e65175ff1d8 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

295f71220bf75ffa4c74ec9e8635e8775be9709fac617e919bc09e65175ff1d8
Size

221KB
Sample

221121-ltrt8ahc6v
MD5

45cae8b30bd34adaaae27bfc1a716e66
SHA1

bcda483d2f56b3f5fad42e4e50e4abba5ef4632f
SHA256

295f71220bf75ffa4c74ec9e8635e8775be9709fac617e919bc09e65175ff1d8
SHA512

a16c3b3caea74409281006accac29967bcb4cf480bbc91cabcfcdba1b4b2f39b17ca0565f2a616e26ccf207e5fef28ecb580a3fd9b592c80636bc54c3ce82fb5
SSDEEP

3072:/mt9G4DqpuiR/QltJMXn15PfEJk3w3t3rW4l248V3FMrF4M9OG6Ns8mcQ:HlUiR/QltO3PfE/xCVdKrL9Ox

Score

10^/10

warzonerat collection infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

295f71220bf75ffa4c74ec9e8635e8775be9709fac617e919bc09e65175ff1d8.exe

Resource

win10v2004-20221111-en

warzonerat collection infostealer persistence rat

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

51.75.209.245:5200

Targets

- Target
  
  295f71220bf75ffa4c74ec9e8635e8775be9709fac617e919bc09e65175ff1d8
- Size
  
  221KB
- MD5
  
  45cae8b30bd34adaaae27bfc1a716e66
- SHA1
  
  bcda483d2f56b3f5fad42e4e50e4abba5ef4632f
- SHA256
  
  295f71220bf75ffa4c74ec9e8635e8775be9709fac617e919bc09e65175ff1d8
- SHA512
  
  a16c3b3caea74409281006accac29967bcb4cf480bbc91cabcfcdba1b4b2f39b17ca0565f2a616e26ccf207e5fef28ecb580a3fd9b592c80636bc54c3ce82fb5
- SSDEEP
  
  3072:/mt9G4DqpuiR/QltJMXn15PfEJk3w3t3rW4l248V3FMrF4M9OG6Ns8mcQ:HlUiR/QltO3PfE/xCVdKrL9Ox
Score

10^/10

warzonerat collection infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Sets DLL path for service in the registry
  persistence
- Drops startup file
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratcollectioninfostealerpersistencerat

© 2018-2024

Terms | Privacy