warzonerat | 1d51b43253d41585e396206ef45b4bd0c30ca084c873b0407b65e5fa388ad6b2 | Triage

Submit
Reports

Overview

overview

Static

static

Tender Enq...17.exe

windows10-2004-x64

Sharing

General

Target

Tender Enquiry Ref TE-004717.cab
Size

398KB
Sample

221122-1fqgkadd7w
MD5

09386f9b5221fec64b3749926be55895
SHA1

849b1893cb07e9a79ec7711462b08d52859bf6fe
SHA256

1d51b43253d41585e396206ef45b4bd0c30ca084c873b0407b65e5fa388ad6b2
SHA512

ad09a694a3c7024ac90ab210f01a5e369242e463ccead798a3b5ee67a0d542b859f0e0843290def9408ecdf36c4826d5213e8d1a48a04ce6deec62a756b3160e
SSDEEP

12288:AGlrj45iiSBkaaUjcU+y+AbDNr0ACuzEL4sHQQHjd6mtjXk:AGr85Tkf+KbDFFCuzQ4sHQaj5Q

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

Tender Enquiry Ref TE-004717.exe

Resource

win10v2004-20220812-ja

warzonerat infostealer persistence rat

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

untyaru.casacam.net:2301

Targets

- Target
  
  Tender Enquiry Ref TE-004717.exe
- Size
  
  639KB
- MD5
  
  b6190fd990de2a286986baee1ead5d87
- SHA1
  
  d4b84ca930f35a5756f0e988a1a681e8d1f51b8c
- SHA256
  
  28b7b46f61a94073b0d77b148830eabfcec7345aa69d0cb0a48d5752c82720dd
- SHA512
  
  080c36069750c563d6ac723261dc7d000aeb60be196b329b89a7e22d2e18fd9d137d2af5bc666c5764ca362bcbeb72f2ce035eae659461085e5435b1f964a541
- SSDEEP
  
  6144:FO/mQZlDu/7fluu4/qxAKv3zKTRR3kKWxrz60LJC22CCJj2LzG1k+xra6W4wrd6w:GI2AW/R3KtaOvGvweT8wudA
Score

10^/10

warzonerat infostealer persistence rat
- Modifies WinLogon for persistence
  persistence
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy