warzonerat | c353f375242393a8bc42afcfa590ce13ddf30a4b2b881e47ddf9fa621a677ac0 | Triage

Submit
Reports

Overview

overview

Static

static

1

RFQ.exe

windows7-x64

RFQ.exe

windows10-2004-x64

Sharing

General

Target

RFQ.exe
Size

355KB
Sample

230329-kl1xgsfe62
MD5

f734c6433f83441b57db89f3c37b21e8
SHA1

d5f26eb382cd9ad2a220a35b2eadfed2b49007f0
SHA256

c353f375242393a8bc42afcfa590ce13ddf30a4b2b881e47ddf9fa621a677ac0
SHA512

d5f464bebab1f08d6ea1a792fccc0f02b00aa8a49c73755128e2eccec3b5e95a9339027e63d5f0b8f98d404dc4e2b8376970e9ea324ef2076e0a78a2f8c6ac1e
SSDEEP

6144:l69Syfirb6DYPrRPANmynocmBWwGorbGLAsND8k6PNofp8aAPwX3MmI:lrGquDYD2Nmyn5mHGorbGLAsQiOaAInv

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

RFQ.exe

Resource

win7-20230220-en

warzonerat infostealer persistence rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

RFQ.exe

Resource

win10v2004-20230221-en

warzonerat infostealer rat

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

185.29.9.20:5200

Targets

- Target
  
  RFQ.exe
- Size
  
  355KB
- MD5
  
  f734c6433f83441b57db89f3c37b21e8
- SHA1
  
  d5f26eb382cd9ad2a220a35b2eadfed2b49007f0
- SHA256
  
  c353f375242393a8bc42afcfa590ce13ddf30a4b2b881e47ddf9fa621a677ac0
- SHA512
  
  d5f464bebab1f08d6ea1a792fccc0f02b00aa8a49c73755128e2eccec3b5e95a9339027e63d5f0b8f98d404dc4e2b8376970e9ea324ef2076e0a78a2f8c6ac1e
- SSDEEP
  
  6144:l69Syfirb6DYPrRPANmynocmBWwGorbGLAsND8k6PNofp8aAPwX3MmI:lrGquDYD2Nmyn5mHGorbGLAsQiOaAInv
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy