warzonerat | adb09eb6718421aff9cfd0dd2188ceab7c52e4c1f33ff3b3e56d37e8b09aadd1 | Triage

Submit
Reports

Overview

overview

Static

static

1

RUS3109Y51.exe

windows7-x64

RUS3109Y51.exe

windows10-2004-x64

Sharing

General

Target

RUS3109Y51.exe
Size

778KB
Sample

230315-ld6y7see2y
MD5

d94f93beb5e5cafbed05b68b50b89a01
SHA1

fb828f7fdf2aa5b83efef41754ba6c8b4a437b84
SHA256

adb09eb6718421aff9cfd0dd2188ceab7c52e4c1f33ff3b3e56d37e8b09aadd1
SHA512

3f2fc14d7004f29d88649ad885df8cca54a0d1c1cdf3e301ec32fc59c8f0c7cf66b9c8289fcd921f92bac157c3cc222f0e07d641a8cb889c005d854d44a92d12
SSDEEP

12288:giz2j8iJGRTwdfL6pvv0WC1R5LlLzrycVCBy0L/Y+M1eZ5qOP6bz8VoRHTpZI:ejRJTZ69pCf5xLzecVa/Y+lHhS3uup

Score

10^/10

warzonerat infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

RUS3109Y51.exe

Resource

win7-20230220-en

warzonerat infostealer rat

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

RUS3109Y51.exe

Resource

win10v2004-20230220-en

warzonerat infostealer rat

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

74.201.28.114:3900

Targets

- Target
  
  RUS3109Y51.exe
- Size
  
  778KB
- MD5
  
  d94f93beb5e5cafbed05b68b50b89a01
- SHA1
  
  fb828f7fdf2aa5b83efef41754ba6c8b4a437b84
- SHA256
  
  adb09eb6718421aff9cfd0dd2188ceab7c52e4c1f33ff3b3e56d37e8b09aadd1
- SHA512
  
  3f2fc14d7004f29d88649ad885df8cca54a0d1c1cdf3e301ec32fc59c8f0c7cf66b9c8289fcd921f92bac157c3cc222f0e07d641a8cb889c005d854d44a92d12
- SSDEEP
  
  12288:giz2j8iJGRTwdfL6pvv0WC1R5LlLzrycVCBy0L/Y+M1eZ5qOP6bz8VoRHTpZI:ejRJTZ69pCf5xLzecVa/Y+lHhS3uup
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy