warzonerat | b5a8545b46b333699f0d0894a29b0d272186948ffb9474a49262b5239a4e057f | Triage

Submit
Reports

Overview

overview

Static

static

3

0eb1c727cb...03.exe

windows7-x64

0eb1c727cb...03.exe

windows10-2004-x64

Sharing

General

Target

710be6c7edbd56231c80ea627e7614c9.bin
Size

267KB
Sample

231012-gpjwlaba7z
MD5

a04543db4d0358dcdab296362121e333
SHA1

6cbaaa657740b206c827e30de25e6e920eeeb001
SHA256

b5a8545b46b333699f0d0894a29b0d272186948ffb9474a49262b5239a4e057f
SHA512

dd0f66686b9e0e08fc3bc8b525c4681aada54c6425eed58a21e595b53c4977a034723b241973c006f9bbdec48539bc4551b66dc8cc8940dc849db32f582f44b2
SSDEEP

6144:D9y8k0rFshAfrrUn2ep1iI4F+meFlzX7aC5j+bkiT:DVDF4SlephKMlzk

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0eb1c727cb604fcaf30556be5783afb142e223d5fe037af252f98cbe1d0a2803.exe

Resource

win7-20230831-en

warzonerat infostealer persistence rat

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

0eb1c727cb604fcaf30556be5783afb142e223d5fe037af252f98cbe1d0a2803.exe

Resource

win10v2004-20230915-en

warzonerat infostealer persistence rat

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

osairus.duckdns.org:4244

Targets

- Target
  
  0eb1c727cb604fcaf30556be5783afb142e223d5fe037af252f98cbe1d0a2803.exe
- Size
  
  604KB
- MD5
  
  710be6c7edbd56231c80ea627e7614c9
- SHA1
  
  a3e4aba67d90ed15872263756b48623f86a83067
- SHA256
  
  0eb1c727cb604fcaf30556be5783afb142e223d5fe037af252f98cbe1d0a2803
- SHA512
  
  8f54051cb8a265feb0e222fca0211f4c63272a6426cfe66a9ce70a5d8985fdc985ccffe8c69ce8dd2912b717d28dbb8a6f10dad486f057d7cf865e8a4a5a0662
- SSDEEP
  
  6144:mYa6OipsvVVAkIhUqsVZjxNNp+Epb/HpS4YSamRW1OeUgSxXbI5:mYxZkIlEx1bpjHA4YYRKOeA1bE
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2025

Terms | Privacy