warzonerat | 4e9666f55da5bbfbcddfb9b6066d4c1eca7a3092e0456999b6e3408c2e3edfbc | Triage

Submit
Reports

Overview

overview

Static

static

3

a67e7e5c52...15.exe

windows7-x64

a67e7e5c52...15.exe

windows10-2004-x64

Sharing

General

Target

a67e7e5c5271fda729143052d48dd615
Size

236KB
Sample

240226-q146cafe71
MD5

a67e7e5c5271fda729143052d48dd615
SHA1

bb1f7cd0043595bf26c7f2fc1473c12fbd66fc28
SHA256

4e9666f55da5bbfbcddfb9b6066d4c1eca7a3092e0456999b6e3408c2e3edfbc
SHA512

35a4fc62e1b763d38f86655384879f50b2025885ce3bb038b026b6ae599946046112cbeca71f818cc44b74755037a54960bd30b53cf3a944e105bcd4bda83b9d
SSDEEP

3072:AyWUYAlmXkJr4Dul8kZyLA93qlUD2mvwV6bFcHSRoodGv8Z36CxVYwwBJ785v7W6:AksBi17NCFYp3rtHmqbK65/

Score

10^/10

warzonerat evasion infostealer rat rezer0 trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a67e7e5c5271fda729143052d48dd615.exe

Resource

win7-20240221-en

warzonerat evasion infostealer rat rezer0 trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

a67e7e5c5271fda729143052d48dd615.exe

Resource

win10v2004-20240221-en

warzonerat evasion infostealer rat rezer0 trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

185.140.53.41:2104

Targets

- Target
  
  a67e7e5c5271fda729143052d48dd615
- Size
  
  236KB
- MD5
  
  a67e7e5c5271fda729143052d48dd615
- SHA1
  
  bb1f7cd0043595bf26c7f2fc1473c12fbd66fc28
- SHA256
  
  4e9666f55da5bbfbcddfb9b6066d4c1eca7a3092e0456999b6e3408c2e3edfbc
- SHA512
  
  35a4fc62e1b763d38f86655384879f50b2025885ce3bb038b026b6ae599946046112cbeca71f818cc44b74755037a54960bd30b53cf3a944e105bcd4bda83b9d
- SSDEEP
  
  3072:AyWUYAlmXkJr4Dul8kZyLA93qlUD2mvwV6bFcHSRoodGv8Z36CxVYwwBJ785v7W6:AksBi17NCFYp3rtHmqbK65/
Score

10^/10

warzonerat evasion infostealer rat rezer0 trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Warzone RAT payload
  rat
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

warzoneratevasioninfostealerratrezer0trojan

behavioral2

warzoneratevasioninfostealerratrezer0trojan

© 2018-2024

Terms | Privacy