warzonerat | 92e54cb5fb1d4e2c874f09b5c10a617dc00d845970c094e426683d6989c5a182 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

92e54cb5fb1d4e2c874f09b5c10a617dc00d845970c094e426683d6989c5a182
Size

203KB
Sample

230315-s68rtsgc2y
MD5

8c8ee58eacb110d5598f723ecd7e948c
SHA1

b9be417a07aa65a317001ba2976cdd80fb267174
SHA256

92e54cb5fb1d4e2c874f09b5c10a617dc00d845970c094e426683d6989c5a182
SHA512

d474c65d401f18fc2343fd086ed1581df4adf1edbf087f1a0a72e97e7c4fc17bb804e7739eb27b5715614ea9071078cc385e3351375d9a89228865f3a072a4a7
SSDEEP

3072:WfY/TU9fE9PEtuNb246i/iIasUc9dWaYU2WfDRuTDP3KlORQ8TsN543G+RWuWCBg:AYa6724zLasU+6UZfDon/8h8e6WqFY

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

92e54cb5fb1d4e2c874f09b5c10a617dc00d845970c094e426683d6989c5a182.exe

Resource

win10v2004-20230220-en

warzonerat infostealer persistence rat

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

omerlan.duckdns.org:6548

Targets

- Target
  
  92e54cb5fb1d4e2c874f09b5c10a617dc00d845970c094e426683d6989c5a182
- Size
  
  203KB
- MD5
  
  8c8ee58eacb110d5598f723ecd7e948c
- SHA1
  
  b9be417a07aa65a317001ba2976cdd80fb267174
- SHA256
  
  92e54cb5fb1d4e2c874f09b5c10a617dc00d845970c094e426683d6989c5a182
- SHA512
  
  d474c65d401f18fc2343fd086ed1581df4adf1edbf087f1a0a72e97e7c4fc17bb804e7739eb27b5715614ea9071078cc385e3351375d9a89228865f3a072a4a7
- SSDEEP
  
  3072:WfY/TU9fE9PEtuNb246i/iIasUc9dWaYU2WfDRuTDP3KlORQ8TsN543G+RWuWCBg:AYa6724zLasU+6UZfDon/8h8e6WqFY
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy