warzonerat | 3707533042d67a657b987ec153e0b5711f0c4d06377ee5143759483698bc7f48 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

3707533042d67a657b987ec153e0b5711f0c4d06377ee5143759483698bc7f48
Size

347KB
Sample

221206-j111cscd9s
MD5

6919d85bb10aad2b3078283f8b9108f0
SHA1

3a11e7ff6bf51467f197dec068b6abeb2570eb68
SHA256

3707533042d67a657b987ec153e0b5711f0c4d06377ee5143759483698bc7f48
SHA512

8dedcd2a3a684fd5e1078d6b1404479267a0b5fa5a851c5a3de65a02ccdbeef2aa2587fc69172791e125a15be4c8383a622f50abc50a45488ef1aa0ef9bcbead
SSDEEP

3072:HEhKzShSycb2OYLwt1LX9kC+Nl6FJT/AaUkMqpN08UKgCj6KJ4w6QonNIZ3cyV/L:HBnAU1X9Tel6FV4aURqpq1CjA/NY3fL

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3707533042d67a657b987ec153e0b5711f0c4d06377ee5143759483698bc7f48.exe

Resource

win10v2004-20220812-en

warzonerat infostealer persistence rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

baramac.duckdns.org:6269

Targets

- Target
  
  3707533042d67a657b987ec153e0b5711f0c4d06377ee5143759483698bc7f48
- Size
  
  347KB
- MD5
  
  6919d85bb10aad2b3078283f8b9108f0
- SHA1
  
  3a11e7ff6bf51467f197dec068b6abeb2570eb68
- SHA256
  
  3707533042d67a657b987ec153e0b5711f0c4d06377ee5143759483698bc7f48
- SHA512
  
  8dedcd2a3a684fd5e1078d6b1404479267a0b5fa5a851c5a3de65a02ccdbeef2aa2587fc69172791e125a15be4c8383a622f50abc50a45488ef1aa0ef9bcbead
- SSDEEP
  
  3072:HEhKzShSycb2OYLwt1LX9kC+Nl6FJT/AaUkMqpN08UKgCj6KJ4w6QonNIZ3cyV/L:HBnAU1X9Tel6FV4aURqpq1CjA/NY3fL
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy