warzonerat | 89e7172718c810dcea7dd152a7a2f776f765c52785e827a0d431ff5e2bac2e37 | Triage

Submit
Reports

Overview

overview

Static

static

89e7172718...37.exe

windows7-x64

89e7172718...37.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

89e7172718c810dcea7dd152a7a2f776f765c52785e827a0d431ff5e2bac2e37
Size

13.0MB
Sample

221229-tgmczadd77
MD5

420c7466d4bb7ec179068c032a19ad31
SHA1

f49b558016da2eb0c6e0207444b3c2f1a55f9012
SHA256

89e7172718c810dcea7dd152a7a2f776f765c52785e827a0d431ff5e2bac2e37
SHA512

5a3b29d9e06522b63f9bf5856186086a00792f032fabe29cfe6838af54cb41b670455f1694355cfd3839fba4c83255eb7994b871499d85791917e30561f34dc5
SSDEEP

12288:6HxsvGS/ePX+g7R0PJQLAoKy7EpGIzEHJMHty:mKOS/ePX+Hy7EpBTty

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

89e7172718c810dcea7dd152a7a2f776f765c52785e827a0d431ff5e2bac2e37.exe

Resource

win7-20221111-en

warzonerat infostealer persistence rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

89e7172718c810dcea7dd152a7a2f776f765c52785e827a0d431ff5e2bac2e37.exe

Resource

win10v2004-20221111-en

warzonerat infostealer persistence rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

185.225.73.31:11598

Targets

- Target
  
  89e7172718c810dcea7dd152a7a2f776f765c52785e827a0d431ff5e2bac2e37
- Size
  
  13.0MB
- MD5
  
  420c7466d4bb7ec179068c032a19ad31
- SHA1
  
  f49b558016da2eb0c6e0207444b3c2f1a55f9012
- SHA256
  
  89e7172718c810dcea7dd152a7a2f776f765c52785e827a0d431ff5e2bac2e37
- SHA512
  
  5a3b29d9e06522b63f9bf5856186086a00792f032fabe29cfe6838af54cb41b670455f1694355cfd3839fba4c83255eb7994b871499d85791917e30561f34dc5
- SSDEEP
  
  12288:6HxsvGS/ePX+g7R0PJQLAoKy7EpGIzEHJMHty:mKOS/ePX+Hy7EpBTty
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2025

Terms | Privacy