warzonerat | 913377afa6c3d7afb49a491f830d52a33353349819f0e91157a01dc8336ac5b3 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

Odeme_Fatura.exe

windows7-x64

Odeme_Fatura.exe

windows10-2004-x64

5

Sharing

General

Target

Odeme_Fatura.exe
Size

582KB
Sample

240107-vaaw2abgc4
MD5

7bee43d88ddd5717c4059960d4f7abbb
SHA1

51768285fb6047a523af3d28e3e8601fa17a181d
SHA256

913377afa6c3d7afb49a491f830d52a33353349819f0e91157a01dc8336ac5b3
SHA512

b3043c68445d95d1794e6557d9ce096c812c631e7d43dcdfe40850731e94ed877799fd6baf162197c888d0484a07b9c8c73994b08c9844434d3f388b768162cd
SSDEEP

12288:nSQ3xl2I6NRNXDrI9GeZnbfPJJgR5lbULc1tBWpK9s3FqFLtomQ:Bf6rNX1eVXjGbt1oqFLtoN

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Odeme_Fatura.exe

Resource

win7-20231215-en

warzonerat infostealer persistence rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Odeme_Fatura.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

satgobleien.jumpingcrab.com:5201

Targets

- Target
  
  Odeme_Fatura.exe
- Size
  
  582KB
- MD5
  
  7bee43d88ddd5717c4059960d4f7abbb
- SHA1
  
  51768285fb6047a523af3d28e3e8601fa17a181d
- SHA256
  
  913377afa6c3d7afb49a491f830d52a33353349819f0e91157a01dc8336ac5b3
- SHA512
  
  b3043c68445d95d1794e6557d9ce096c812c631e7d43dcdfe40850731e94ed877799fd6baf162197c888d0484a07b9c8c73994b08c9844434d3f388b768162cd
- SSDEEP
  
  12288:nSQ3xl2I6NRNXDrI9GeZnbfPJJgR5lbULc1tBWpK9s3FqFLtomQ:Bf6rNX1eVXjGbt1oqFLtoN
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

© 2018-2025

Terms | Privacy