warzonerat | 853e1ec7d4d8fa449d88746cab1bfac6074e0d81e9a26ef6948793059e9bd781 | Triage

Submit
Reports

Overview

overview

Static

static

1

SecuriteIn...30.exe

windows7-x64

SecuriteIn...30.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.HEUR.93.6430.exe
Size

307KB
Sample

230327-mjazdsda29
MD5

dbaa3eedb475065eb8d88c1e9e04c2de
SHA1

bd2bbf3940dbfa53ddacba057333c88c77e5372d
SHA256

853e1ec7d4d8fa449d88746cab1bfac6074e0d81e9a26ef6948793059e9bd781
SHA512

9dea4831e8b01d0f9726ba9d31f786fdbaf1334340042282548a138b83e13d639403d814b8f16ee7572044941b3417c503240ee56c8c4d782c265fb6520b4509
SSDEEP

6144:u8fqDye3NCT8yGjm04y0O12udoEUAaZbyHfI:tiCgD4wldEiHfI

Score

10^/10

warzonerat collection infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.HEUR.93.6430.exe

Resource

win7-20230220-en

warzonerat collection infostealer persistence rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.HEUR.93.6430.exe

Resource

win10v2004-20230220-en

warzonerat collection infostealer persistence rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

91.192.100.10:11011

Targets

- Target
  
  SecuriteInfo.com.HEUR.93.6430.exe
- Size
  
  307KB
- MD5
  
  dbaa3eedb475065eb8d88c1e9e04c2de
- SHA1
  
  bd2bbf3940dbfa53ddacba057333c88c77e5372d
- SHA256
  
  853e1ec7d4d8fa449d88746cab1bfac6074e0d81e9a26ef6948793059e9bd781
- SHA512
  
  9dea4831e8b01d0f9726ba9d31f786fdbaf1334340042282548a138b83e13d639403d814b8f16ee7572044941b3417c503240ee56c8c4d782c265fb6520b4509
- SSDEEP
  
  6144:u8fqDye3NCT8yGjm04y0O12udoEUAaZbyHfI:tiCgD4wldEiHfI
Score

10^/10

warzonerat collection infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratcollectioninfostealerpersistencerat

behavioral2

warzoneratcollectioninfostealerpersistencerat

© 2018-2024

Terms | Privacy