warzonerat | 584f57edb1dc561be7396494ea26a3fe5c4c24fed1594636ce2167db8418abe1 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...78.exe

windows7-x64

SecuriteIn...78.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.Win32.PWSX-gen.15216.14078.exe
Size

1.0MB
Sample

221123-r1ageahh89
MD5

dbd404136dad8130e5b1197fcbf287d1
SHA1

225b6204a93d7512d8bac3d533aff6836b5c4d3e
SHA256

584f57edb1dc561be7396494ea26a3fe5c4c24fed1594636ce2167db8418abe1
SHA512

d1111093ea89fdd2df4282dcc5097c55e2e34b522259baa1fd1758f75da33a69919a8ecb5188136da2c837aff27bc40200cd3e450f224b72007ec43b85346a23
SSDEEP

24576:rz3lDgh/awtCPSJLir9KcCWY56PH62Dz:rz3lch/dsPFTkyHF

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Win32.PWSX-gen.15216.14078.exe

Resource

win7-20221111-en

warzonerat infostealer rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Win32.PWSX-gen.15216.14078.exe

Resource

win10v2004-20221111-en

warzonerat infostealer rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.15216.14078.exe
- Size
  
  1.0MB
- MD5
  
  dbd404136dad8130e5b1197fcbf287d1
- SHA1
  
  225b6204a93d7512d8bac3d533aff6836b5c4d3e
- SHA256
  
  584f57edb1dc561be7396494ea26a3fe5c4c24fed1594636ce2167db8418abe1
- SHA512
  
  d1111093ea89fdd2df4282dcc5097c55e2e34b522259baa1fd1758f75da33a69919a8ecb5188136da2c837aff27bc40200cd3e450f224b72007ec43b85346a23
- SSDEEP
  
  24576:rz3lDgh/awtCPSJLir9KcCWY56PH62Dz:rz3lch/dsPFTkyHF
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy