warzonerat | 3edfe0ac175805780137e3fb3f7e59fb221cb8586bfecdabc4325c3f055cb9ef | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

3edfe0ac175805780137e3fb3f7e59fb221cb8586bfecdabc4325c3f055cb9ef
Size

834KB
Sample

221205-eked7sdd52
MD5

31a2b08874779d70105aa700d142c4b0
SHA1

cc35daa5dcdd165629ab831c27c09645adc5b664
SHA256

3edfe0ac175805780137e3fb3f7e59fb221cb8586bfecdabc4325c3f055cb9ef
SHA512

09306da90a24735eeede12e62a9fcb8caf65c59f2e9f39963968a51bf6f1c663336c588ea8fed33c78afebd1b5511f4edbd1bce3c31056744695be2f88debf48
SSDEEP

12288:CcQcig3KvE+PLc2z8H+Byip9SE8cLPnwrjwodkg586aWHff:pQZgl8LbyipUrKYLdB5O8f

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

3edfe0ac175805780137e3fb3f7e59fb221cb8586bfecdabc4325c3f055cb9ef.exe

Resource

win10-20220812-en

warzonerat infostealer persistence rat

windows10-1703-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  3edfe0ac175805780137e3fb3f7e59fb221cb8586bfecdabc4325c3f055cb9ef
- Size
  
  834KB
- MD5
  
  31a2b08874779d70105aa700d142c4b0
- SHA1
  
  cc35daa5dcdd165629ab831c27c09645adc5b664
- SHA256
  
  3edfe0ac175805780137e3fb3f7e59fb221cb8586bfecdabc4325c3f055cb9ef
- SHA512
  
  09306da90a24735eeede12e62a9fcb8caf65c59f2e9f39963968a51bf6f1c663336c588ea8fed33c78afebd1b5511f4edbd1bce3c31056744695be2f88debf48
- SSDEEP
  
  12288:CcQcig3KvE+PLc2z8H+Byip9SE8cLPnwrjwodkg586aWHff:pQZgl8LbyipUrKYLdB5O8f
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy