warzonerat | 5767630484ddb02009fb82e7fbc23857a5b032fcbdca4b10bcd5abd3c1be1407 | Triage

Sharing

General

Target

5767630484ddb02009fb82e7fbc23857a5b032fcbdca4b10bcd5abd3c1be1407
Size

323KB
Sample

230211-lbkm7adf22
MD5

4521c3419b829108204529c88f4ca21a
SHA1

a50140d0578559219c60af7171238f62055b3a92
SHA256

5767630484ddb02009fb82e7fbc23857a5b032fcbdca4b10bcd5abd3c1be1407
SHA512

51c7888274ecc08b70dc00a27f4d9f4d3f1b3901c1d541e9baeb362a06b491bb0f57bbf4a345d5ab6656df3b3e45e246fecb068d44ebc116112f383639b748ad
SSDEEP

3072:5PgtxA/n5RF2p8b91/XXrB6pcTpYK236nYklNsWQDiuLpOdYfUBjdgvG:5Ced2891f7IpkYKTnDqLiqOdYf+WvG

Score

10^/10

warzonerat infostealer persistence rat

Malware Config

Targets

- Target
  
  5767630484ddb02009fb82e7fbc23857a5b032fcbdca4b10bcd5abd3c1be1407
- Size
  
  323KB
- MD5
  
  4521c3419b829108204529c88f4ca21a
- SHA1
  
  a50140d0578559219c60af7171238f62055b3a92
- SHA256
  
  5767630484ddb02009fb82e7fbc23857a5b032fcbdca4b10bcd5abd3c1be1407
- SHA512
  
  51c7888274ecc08b70dc00a27f4d9f4d3f1b3901c1d541e9baeb362a06b491bb0f57bbf4a345d5ab6656df3b3e45e246fecb068d44ebc116112f383639b748ad
- SSDEEP
  
  3072:5PgtxA/n5RF2p8b91/XXrB6pcTpYK236nYklNsWQDiuLpOdYfUBjdgvG:5Ced2891f7IpkYKTnDqLiqOdYf+WvG
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat