warzonerat | 8637ff13ee0653cfe574b2b9a9429f3124d16fca44d606432b6739c3d40a126c | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

8637ff13ee0653cfe574b2b9a9429f3124d16fca44d606432b6739c3d40a126c
Size

974KB
Sample

221202-es5lcscd98
MD5

7200b3d4fec8a77e6c8ba92f80e3ce30
SHA1

5af6cf29dd856ef42917c9218b9dd61f8406b530
SHA256

8637ff13ee0653cfe574b2b9a9429f3124d16fca44d606432b6739c3d40a126c
SHA512

1243d07db82f29c6afa508ef178996d3bad58d7848c15b6375a873fad0f57bb33ba35679e41d8b48b05c45f0ababe79a4b06e52e8c16d20cbc4f5b3875e46d02
SSDEEP

12288:lohgh/XxywVHfpAPY5vBsfBlcfCFxUwFJiR/EZr/x5WB2lnRzIhKyS0Rt2:lsgh/XZBAo+vbFWEZTxCynRzIa2t

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

8637ff13ee0653cfe574b2b9a9429f3124d16fca44d606432b6739c3d40a126c.exe

Resource

win10v2004-20221111-en

warzonerat infostealer rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  8637ff13ee0653cfe574b2b9a9429f3124d16fca44d606432b6739c3d40a126c
- Size
  
  974KB
- MD5
  
  7200b3d4fec8a77e6c8ba92f80e3ce30
- SHA1
  
  5af6cf29dd856ef42917c9218b9dd61f8406b530
- SHA256
  
  8637ff13ee0653cfe574b2b9a9429f3124d16fca44d606432b6739c3d40a126c
- SHA512
  
  1243d07db82f29c6afa508ef178996d3bad58d7848c15b6375a873fad0f57bb33ba35679e41d8b48b05c45f0ababe79a4b06e52e8c16d20cbc4f5b3875e46d02
- SSDEEP
  
  12288:lohgh/XxywVHfpAPY5vBsfBlcfCFxUwFJiR/EZr/x5WB2lnRzIhKyS0Rt2:lsgh/XZBAo+vbFWEZTxCynRzIa2t
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy