warzonerat | 56fc109c624733be74c8222cf04b939537455c3c0c41401878d385a49a698314 | Triage

Submit
Reports

Overview

overview

Static

static

0x00070000...13.exe

windows7-x64

0x00070000...13.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

0x000700000001b02f-13.dat
Size

141KB
Sample

231006-rt2bjsch9s
MD5

8924c729f5b74dce861ebbe8170c1e24
SHA1

996451edb9e8b09a9f126107413c22d071ceb635
SHA256

56fc109c624733be74c8222cf04b939537455c3c0c41401878d385a49a698314
SHA512

242142e1fd729e8bf1e2e396b185e7eefcca8ea94d023698fa4b6b49a5b585d29c9a9e3cee23ac62e1d196493f500f0a999d1c2e95b63dc184b74a77732e5936
SSDEEP

3072:2k4aHUBOO36YplMqBB3ZcPxlG+bBsDHqYzHKG0qIwj:2dx3wqz3ZcDeDKYzqG01wj

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

0x000700000001b02f-13.exe

Resource

win7-20230831-en

warzonerat infostealer persistence rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

0x000700000001b02f-13.exe

Resource

win10v2004-20230915-en

warzonerat infostealer persistence rat

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

fgudhiiugiufgifufgihdhuidfxgd.duckdns.org:5200

Targets

- Target
  
  0x000700000001b02f-13.dat
- Size
  
  141KB
- MD5
  
  8924c729f5b74dce861ebbe8170c1e24
- SHA1
  
  996451edb9e8b09a9f126107413c22d071ceb635
- SHA256
  
  56fc109c624733be74c8222cf04b939537455c3c0c41401878d385a49a698314
- SHA512
  
  242142e1fd729e8bf1e2e396b185e7eefcca8ea94d023698fa4b6b49a5b585d29c9a9e3cee23ac62e1d196493f500f0a999d1c2e95b63dc184b74a77732e5936
- SSDEEP
  
  3072:2k4aHUBOO36YplMqBB3ZcPxlG+bBsDHqYzHKG0qIwj:2dx3wqz3ZcDeDKYzqG01wj
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2025

Terms | Privacy