General
-
Target
rat.exe
-
Size
132KB
-
Sample
230405-1svbaabg7w
-
MD5
9277e3fb92bcfa1037ab7e81d2e108f8
-
SHA1
c4e1f6a450ae5fc4c5b489076662bb6be4c377ec
-
SHA256
3df3982b0a334a560cf9613226cf80c7c2ea2fc95294c56be94c81be7fa6f379
-
SHA512
28f25cd1600b41dd35338f358c12a80941ac2739c03a3c5393fe1415b1180edd7acd7fdb60ba6a8f99498b48633e4244c39d8fd188046d35db181709279c77e6
-
SSDEEP
3072:K7W9jps0Tx4azG6GweOTir5axbjNCz45LT7a:KwpsERzGKurEXCzeLT7a
Malware Config
Extracted
warzonerat
soon-lp.at.ply.gg:17209
Targets
-
-
Target
rat.exe
-
Size
132KB
-
MD5
9277e3fb92bcfa1037ab7e81d2e108f8
-
SHA1
c4e1f6a450ae5fc4c5b489076662bb6be4c377ec
-
SHA256
3df3982b0a334a560cf9613226cf80c7c2ea2fc95294c56be94c81be7fa6f379
-
SHA512
28f25cd1600b41dd35338f358c12a80941ac2739c03a3c5393fe1415b1180edd7acd7fdb60ba6a8f99498b48633e4244c39d8fd188046d35db181709279c77e6
-
SSDEEP
3072:K7W9jps0Tx4azG6GweOTir5axbjNCz45LT7a:KwpsERzGKurEXCzeLT7a
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Sets DLL path for service in the registry
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Modifies WinLogon
-
Drops file in System32 directory
-