warzonerat | decca35b90665b5cab7953d654aa934b485899c4df797fe3257f5f914198076f | Triage

Submit
Reports

Overview

overview

Static

static

3

8f56eda045...f5.exe

windows7-x64

8f56eda045...f5.exe

windows10-2004-x64

Sharing

General

Target

8f56eda04533b9b130e28f031cba40f5
Size

236KB
Sample

240204-reeh8sdehk
MD5

8f56eda04533b9b130e28f031cba40f5
SHA1

4d07eec4700275447f6e8269247b130f49d74ea8
SHA256

decca35b90665b5cab7953d654aa934b485899c4df797fe3257f5f914198076f
SHA512

832d6958b7c02261d8f309a6ef40044b70b926824ce96f76e43c42794e4f25f90610252895173c3b42a2c3f9f7b52f0c9433862519b2f923c60c18cd313bccd2
SSDEEP

3072:FWUYAlmXkJr4Dul8kZyLA93qlUD2mvwV6bFcHSRoodGv8Z36CxVYwwBJ785v7W80:psBi17NCFYp3rtHmqbK65G

Score

10^/10

warzonerat evasion infostealer rat rezer0 trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8f56eda04533b9b130e28f031cba40f5.exe

Resource

win7-20231215-en

warzonerat evasion infostealer rat rezer0 trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

8f56eda04533b9b130e28f031cba40f5.exe

Resource

win10v2004-20231215-en

warzonerat evasion infostealer rat rezer0 trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

185.140.53.41:2104

Targets

- Target
  
  8f56eda04533b9b130e28f031cba40f5
- Size
  
  236KB
- MD5
  
  8f56eda04533b9b130e28f031cba40f5
- SHA1
  
  4d07eec4700275447f6e8269247b130f49d74ea8
- SHA256
  
  decca35b90665b5cab7953d654aa934b485899c4df797fe3257f5f914198076f
- SHA512
  
  832d6958b7c02261d8f309a6ef40044b70b926824ce96f76e43c42794e4f25f90610252895173c3b42a2c3f9f7b52f0c9433862519b2f923c60c18cd313bccd2
- SSDEEP
  
  3072:FWUYAlmXkJr4Dul8kZyLA93qlUD2mvwV6bFcHSRoodGv8Z36CxVYwwBJ785v7W80:psBi17NCFYp3rtHmqbK65G
Score

10^/10

warzonerat evasion infostealer rat rezer0 trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Warzone RAT payload
  rat
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

warzoneratevasioninfostealerratrezer0trojan

behavioral2

warzoneratevasioninfostealerratrezer0trojan

© 2018-2024

Terms | Privacy