warzonerat | 9127bf04095f506fb1313b8a760cd8acff84e4f26203220b94ff44aa931c4c34 | Triage

Submit
Reports

Overview

overview

Static

static

1

INVOICE.exe

windows7-x64

INVOICE.exe

windows10-2004-x64

Sharing

General

Target

9127BF04095F506FB1313B8A760CD8ACFF84E4F26203220B94FF44AA931C4C34
Size

1.2MB
Sample

230314-rs8dgafg76
MD5

4ae37c268017fcf1a5172e3b93786202
SHA1

06ea8ea8d4f0dae33b8465cf0f12f2e919e10373
SHA256

9127bf04095f506fb1313b8a760cd8acff84e4f26203220b94ff44aa931c4c34
SHA512

fe946ed937b2ff6afb8304243b6844526e748d5820c46bb32a0b461d559d6fea077e7f4125981baa9baae7b6125188971d0a06d45e0c1b193762c4e7a611d3da
SSDEEP

6144:jrzsD2B01XtSlfeG1PB1uJu3dWHClDvJfoxtDuCJ0B4+beL3ByD6YZFtCMQ:jrz61SPjuJsgHqDvJfoDCCCBjsBkQ

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

INVOICE.exe

Resource

win7-20230220-en

warzonerat infostealer persistence rat

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

INVOICE.exe

Resource

win10v2004-20230220-en

warzonerat infostealer persistence rat

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

newsfeed.msoftupdate.me:80

Targets

- Target
  
  INVOICE.EXE
- Size
  
  699KB
- MD5
  
  3a1328c0843fc9a945fa1d58ffb28313
- SHA1
  
  0810bfb2500bbfa86a220939d1ee9006a46a12c3
- SHA256
  
  91893562af732965ae5f90453a22af6b1d7a49f043730b900df20f6506569633
- SHA512
  
  385b5fee1126e406f4044dcea69e585ea9b5e06da33da20030bc2881fd914f85371e84d502124b118a5c3aa995094c68936d25ebb1f7fd32156437bf76a0d12b
- SSDEEP
  
  6144:FrzsD2B01XtSlfeG1PB1uJu3dWHClDvJfoxtDuCJ0B4+beL3ByD6YZFtCMQ:Frz61SPjuJsgHqDvJfoDCCCBjsBkQ
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy