warzonerat | 63248ad3b64bf52266f0469e79e9f1b733dc0e2882142cf2167d7970b196973a | Triage

Submit
Reports

Overview

overview

Static

static

ave_maria_rat.exe

windows7-x64

ave_maria_rat.exe

windows10-2004-x64

5

Sharing

General

Target

ave_maria_rat.zip
Size

353KB
Sample

221214-tbpadadc31
MD5

1392a739900bc293e1007a362cbbdf92
SHA1

7729896bbfd9f5d1789c019fa7340dc42afffcef
SHA256

63248ad3b64bf52266f0469e79e9f1b733dc0e2882142cf2167d7970b196973a
SHA512

06a2b62a351e2e7fd9995d146443362c607566903b38e9e59f95ac329043e88c6b8cde5d8485e52da2439d1732d1c886e1ad660b4b89e8032f971ea7dcf60c87
SSDEEP

6144:qAQN94dfO4UojT8Nlp2nVnlsodt1E780/PHukfk7NcgmC8UEluifg4M:Q9KG4f8in+odG/Puks7pmC8blz9M

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

ave_maria_rat.exe

Resource

win7-20221111-en

warzonerat infostealer persistence rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ave_maria_rat.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

www.dnuocc.com:5287

Targets

- Target
  
  ave_maria_rat.exe
- Size
  
  383KB
- MD5
  
  d414115c947793d91a7d5a110053305c
- SHA1
  
  3a21e61f797e8abd4aa703f1f0d375d4d4fcc37a
- SHA256
  
  65eb2d7d35b22b4edfef16c7ff2f36d79b827145bc94644f7fe915a9378bf361
- SHA512
  
  0ab8a96b06ed9baf4f609faa4935fc6bae7ad1a77d0eb75bad03c41e3291505c7427ad457e1b88ad4fb352c3c549cd286ca5b4d0ffeb4ca1a7314dfb7f343b4e
- SSDEEP
  
  6144:dN9ydRO4MojT8Nbp2npn5soltfE7k0/PVukfu7Ncgw6cUulYvlJAplDaK0FFvaI:n90E4X8Cniolq/tukG7pw6cllWlJApla
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

© 2018-2024

Terms | Privacy