warzonerat | 613355f77c2dd5064b640d8076626299a4f023512d9ee9301c674995f382b88c | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

613355f77c2dd5064b640d8076626299a4f023512d9ee9301c674995f382b88c
Size

347KB
Sample

221206-j8zghadb3v
MD5

773fb681c3115952129dfab8a192b111
SHA1

6cad9d1d3f6d3607bc8dcd388c972056c6184dc7
SHA256

613355f77c2dd5064b640d8076626299a4f023512d9ee9301c674995f382b88c
SHA512

ffcaacf102264a20fed98bee11b15ade13c98062e42f70fc52d73897adb278b6c2f96e3cfce0993d9f94d31bc1914f7ac3c017d30de704f3a002f84b2fb3f3e0
SSDEEP

6144:HBnAU1X9Tel6FV4aUR4VC+S7VK85ibLbSu+:WU1+6FV494iJKJfSu+

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

613355f77c2dd5064b640d8076626299a4f023512d9ee9301c674995f382b88c.exe

Resource

win10-20220812-en

warzonerat infostealer persistence rat

windows10-1703-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

privatexpo.duckdns.org:6513

Targets

- Target
  
  613355f77c2dd5064b640d8076626299a4f023512d9ee9301c674995f382b88c
- Size
  
  347KB
- MD5
  
  773fb681c3115952129dfab8a192b111
- SHA1
  
  6cad9d1d3f6d3607bc8dcd388c972056c6184dc7
- SHA256
  
  613355f77c2dd5064b640d8076626299a4f023512d9ee9301c674995f382b88c
- SHA512
  
  ffcaacf102264a20fed98bee11b15ade13c98062e42f70fc52d73897adb278b6c2f96e3cfce0993d9f94d31bc1914f7ac3c017d30de704f3a002f84b2fb3f3e0
- SSDEEP
  
  6144:HBnAU1X9Tel6FV4aUR4VC+S7VK85ibLbSu+:WU1+6FV494iJKJfSu+
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy