warzonerat | c36284bc37b2aaf39d2e911ef97aac1fa583ca30d90f2cd006635f8f5bf0d7e1 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...41.exe

windows7-x64

SecuriteIn...41.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.Win32.PWSX-gen.1041.15454
Size

852KB
Sample

221124-w5hqsseh9s
MD5

2015410bb46bda0bd98be49f2ca03e00
SHA1

f500da9df562378cd0565485489321d59fa1699c
SHA256

c36284bc37b2aaf39d2e911ef97aac1fa583ca30d90f2cd006635f8f5bf0d7e1
SHA512

003a87fa2a9e6cbc2e12ede2cbf78abbe11eec1635e0695406c421c496783defd9ec6659a1524d8481dbeed61155bb5eebbe997ea0863e8590bbc69b3c8cc7e6
SSDEEP

12288:XHmZJbxpDFv6d2tZKGxF9rOTE/oMwtXBE3QVmfVUQa8PbT6OZO2bUq0fjVZ5jSC:XHvd2tceX/nyR3VmfVDHbTLZOKYjkC

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Win32.PWSX-gen.1041.exe

Resource

win7-20221111-en

warzonerat infostealer rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Win32.PWSX-gen.1041.exe

Resource

win10v2004-20221111-en

warzonerat infostealer rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.1041.15454
- Size
  
  852KB
- MD5
  
  2015410bb46bda0bd98be49f2ca03e00
- SHA1
  
  f500da9df562378cd0565485489321d59fa1699c
- SHA256
  
  c36284bc37b2aaf39d2e911ef97aac1fa583ca30d90f2cd006635f8f5bf0d7e1
- SHA512
  
  003a87fa2a9e6cbc2e12ede2cbf78abbe11eec1635e0695406c421c496783defd9ec6659a1524d8481dbeed61155bb5eebbe997ea0863e8590bbc69b3c8cc7e6
- SSDEEP
  
  12288:XHmZJbxpDFv6d2tZKGxF9rOTE/oMwtXBE3QVmfVUQa8PbT6OZO2bUq0fjVZ5jSC:XHvd2tceX/nyR3VmfVDHbTLZOKYjkC
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy