warzonerat | a565630d44c3226052705000037a19cb45da97fc52f4b2a8ade6624075b1afe3 | Triage

Submit
Reports

Overview

overview

Static

static

1

Swift_050423.exe

windows7-x64

Swift_050423.exe

windows10-2004-x64

Sharing

General

Target

Swift_050423.exe
Size

555KB
Sample

230406-g92bdabg54
MD5

a03b30547f73dd956ebe0eac2361a977
SHA1

c71273f0a6909aa30a783f922215ad1efd617d9a
SHA256

a565630d44c3226052705000037a19cb45da97fc52f4b2a8ade6624075b1afe3
SHA512

6fc27f631a3ec227d5073134a8ebf6e941093b2e976e7eab6ed1a8582ef6196c0f2378f367f4e1489964a4649530bbf49402e062094a51d62124c2f0545a4c7a
SSDEEP

12288:YrZl+R69JQH2/VzQRYyVrMY+N4Iwh06wuII64ax:YlG6TQuvyd+N7wh06ZIIhax

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

Swift_050423.exe

Resource

win7-20230220-en

warzonerat infostealer rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Swift_050423.exe

Resource

win10v2004-20230220-en

warzonerat infostealer persistence rat

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

37.0.14.201:5888

Targets

- Target
  
  Swift_050423.exe
- Size
  
  555KB
- MD5
  
  a03b30547f73dd956ebe0eac2361a977
- SHA1
  
  c71273f0a6909aa30a783f922215ad1efd617d9a
- SHA256
  
  a565630d44c3226052705000037a19cb45da97fc52f4b2a8ade6624075b1afe3
- SHA512
  
  6fc27f631a3ec227d5073134a8ebf6e941093b2e976e7eab6ed1a8582ef6196c0f2378f367f4e1489964a4649530bbf49402e062094a51d62124c2f0545a4c7a
- SSDEEP
  
  12288:YrZl+R69JQH2/VzQRYyVrMY+N4Iwh06wuII64ax:YlG6TQuvyd+N7wh06ZIIhax
Score

10^/10

warzonerat infostealer rat persistence
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy