warzonerat | acd20b4a4d61ad35bc47851661ebc48e75c276ae50af870a1bb189cb2ed14c31 | Triage

Submit
Reports

Overview

overview

Static

static

acd20b4a4d...31.exe

windows7-x64

acd20b4a4d...31.exe

windows10-2004-x64

Sharing

General

Target

acd20b4a4d61ad35bc47851661ebc48e75c276ae50af870a1bb189cb2ed14c31
Size

229KB
Sample

221128-j6ghxahc28
MD5

629899cb8c761469ff1de32fd8e8e491
SHA1

6a028323d0aa6c7ae8fbc198ded8594dae179c48
SHA256

acd20b4a4d61ad35bc47851661ebc48e75c276ae50af870a1bb189cb2ed14c31
SHA512

3bee357fb65d9a8ae3c5d268f4fb8d7ca2ec5546592225b707dcf203a2fef0abacd77f1c86555786e6554b87a1a4b5203a2be5bc7f7b1dca90daf68b72232a83
SSDEEP

3072:AtD6jSm0uWRfCogTjVEGv+95IVp53D7+fQ1s+4DCS2Y2bA78bL92OH/:At1m0u65mEq+95OQQ+rCdY2b86My

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

acd20b4a4d61ad35bc47851661ebc48e75c276ae50af870a1bb189cb2ed14c31.exe

Resource

win7-20220901-en

warzonerat infostealer persistence rat

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

acd20b4a4d61ad35bc47851661ebc48e75c276ae50af870a1bb189cb2ed14c31.exe

Resource

win10v2004-20221111-en

warzonerat infostealer persistence rat

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

21421412515215.duckdns.org:8808

Targets

- Target
  
  acd20b4a4d61ad35bc47851661ebc48e75c276ae50af870a1bb189cb2ed14c31
- Size
  
  229KB
- MD5
  
  629899cb8c761469ff1de32fd8e8e491
- SHA1
  
  6a028323d0aa6c7ae8fbc198ded8594dae179c48
- SHA256
  
  acd20b4a4d61ad35bc47851661ebc48e75c276ae50af870a1bb189cb2ed14c31
- SHA512
  
  3bee357fb65d9a8ae3c5d268f4fb8d7ca2ec5546592225b707dcf203a2fef0abacd77f1c86555786e6554b87a1a4b5203a2be5bc7f7b1dca90daf68b72232a83
- SSDEEP
  
  3072:AtD6jSm0uWRfCogTjVEGv+95IVp53D7+fQ1s+4DCS2Y2bA78bL92OH/:At1m0u65mEq+95OQQ+rCdY2b86My
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy