warzonerat | 1bff37b3f897e8f9bdb33018eb927784167c172defed492759583d61fff39e4c | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

1bff37b3f897e8f9bdb33018eb927784167c172defed492759583d61fff39e4c
Size

733KB
Sample

221203-kgb3kaca9y
MD5

479d23477f4dbed3eed8e22566eb4196
SHA1

44ba4888a333bb611db621e1f55837f403c84536
SHA256

1bff37b3f897e8f9bdb33018eb927784167c172defed492759583d61fff39e4c
SHA512

6ed4f2d3a1bd103a043aa8f1c43daa98e22a1721eb9fb8828bed54b2a9c9f5c9a507fcca86e74f79d4b83b818fe4a2c47a63b32c1e876deab75d8c612557f632
SSDEEP

12288:Vctnxl9AW8CJn8QwOBasVz/Huj+s6tZ6t1kg586aWHff:udX94CJ8uDr4+ne1B5O8f

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

1bff37b3f897e8f9bdb33018eb927784167c172defed492759583d61fff39e4c.exe

Resource

win10v2004-20220901-en

warzonerat infostealer persistence rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  1bff37b3f897e8f9bdb33018eb927784167c172defed492759583d61fff39e4c
- Size
  
  733KB
- MD5
  
  479d23477f4dbed3eed8e22566eb4196
- SHA1
  
  44ba4888a333bb611db621e1f55837f403c84536
- SHA256
  
  1bff37b3f897e8f9bdb33018eb927784167c172defed492759583d61fff39e4c
- SHA512
  
  6ed4f2d3a1bd103a043aa8f1c43daa98e22a1721eb9fb8828bed54b2a9c9f5c9a507fcca86e74f79d4b83b818fe4a2c47a63b32c1e876deab75d8c612557f632
- SSDEEP
  
  12288:Vctnxl9AW8CJn8QwOBasVz/Huj+s6tZ6t1kg586aWHff:udX94CJ8uDr4+ne1B5O8f
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy