warzonerat | 4c291ca539417c3ccf6442e66711d2bec550814bdb2513ca2d796090f8543814 | Triage

Submit
Reports

Overview

overview

Static

static

4c291ca539...14.exe

windows7-x64

4c291ca539...14.exe

windows10-2004-x64

Sharing

General

Target

4c291ca539417c3ccf6442e66711d2bec550814bdb2513ca2d796090f8543814
Size

235KB
Sample

221122-jcn1wsea95
MD5

0809ef78c81a1c90d13dab1c89d21ea7
SHA1

4c6a94278be573d02166d3c6b3c5efd3c7d18944
SHA256

4c291ca539417c3ccf6442e66711d2bec550814bdb2513ca2d796090f8543814
SHA512

82ca50a7ee6643eee9a86afb19e5c19f2f012bbc68ac2ef41b98b18e1658c4f26683f8bf7df508fba8a6ef2e745d0ac4e2ec13b442f90fc74b8fda357b4d5248
SSDEEP

3072:wqLm6V4+6qFfBoLE3V5kB416nsfeacAa6B97a0luWy7HP/Deq6gej2GL:wqReCqLE3fkB+OpT6B9eeAv/qq6g

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

4c291ca539417c3ccf6442e66711d2bec550814bdb2513ca2d796090f8543814.exe

Resource

win7-20221111-en

warzonerat infostealer persistence rat

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

4c291ca539417c3ccf6442e66711d2bec550814bdb2513ca2d796090f8543814.exe

Resource

win10v2004-20221111-en

warzonerat infostealer persistence rat

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

googlemap.ddns.net:8888

Targets

- Target
  
  4c291ca539417c3ccf6442e66711d2bec550814bdb2513ca2d796090f8543814
- Size
  
  235KB
- MD5
  
  0809ef78c81a1c90d13dab1c89d21ea7
- SHA1
  
  4c6a94278be573d02166d3c6b3c5efd3c7d18944
- SHA256
  
  4c291ca539417c3ccf6442e66711d2bec550814bdb2513ca2d796090f8543814
- SHA512
  
  82ca50a7ee6643eee9a86afb19e5c19f2f012bbc68ac2ef41b98b18e1658c4f26683f8bf7df508fba8a6ef2e745d0ac4e2ec13b442f90fc74b8fda357b4d5248
- SSDEEP
  
  3072:wqLm6V4+6qFfBoLE3V5kB416nsfeacAa6B97a0luWy7HP/Deq6gej2GL:wqReCqLE3fkB+OpT6B9eeAv/qq6g
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy