warzonerat | d8e6ae61fefe2f312f15fddf23fcdcba6ea02bc3cc1a1b4566e03130512c9882 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

ac18d9da91...25.exe

windows7-x64

ac18d9da91...25.exe

windows10-2004-x64

Sharing

General

Target

ac18d9da9135fd1ae1dd701a76f33c25
Size

507KB
Sample

240228-rpyd4adf72
MD5

ac18d9da9135fd1ae1dd701a76f33c25
SHA1

d4f4e58e4f85fbdfa68fa11e8c4766844c96f63c
SHA256

d8e6ae61fefe2f312f15fddf23fcdcba6ea02bc3cc1a1b4566e03130512c9882
SHA512

eaab4f765994471cbb0fcb10bee6c5b2306d26d23d27b4f6b1bbb2d711b0ca07218e0b617341466bbe9a0a1143c16fa5009bc4bcc6d23a8142e8441b30e5f98c
SSDEEP

12288:0IPHb0IoX/9fSp3TRCQeQEkNWkXgQSEwBV:0W0IovUDQ9QEkN1XgPEwBV

Score

10^/10

warzonerat evasion infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

ac18d9da9135fd1ae1dd701a76f33c25.exe

Resource

win7-20240221-en

warzonerat evasion infostealer rat trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

ac18d9da9135fd1ae1dd701a76f33c25.exe

Resource

win10v2004-20240226-en

warzonerat evasion infostealer rat trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

91.92.120.132:5200

Targets

- Target
  
  ac18d9da9135fd1ae1dd701a76f33c25
- Size
  
  507KB
- MD5
  
  ac18d9da9135fd1ae1dd701a76f33c25
- SHA1
  
  d4f4e58e4f85fbdfa68fa11e8c4766844c96f63c
- SHA256
  
  d8e6ae61fefe2f312f15fddf23fcdcba6ea02bc3cc1a1b4566e03130512c9882
- SHA512
  
  eaab4f765994471cbb0fcb10bee6c5b2306d26d23d27b4f6b1bbb2d711b0ca07218e0b617341466bbe9a0a1143c16fa5009bc4bcc6d23a8142e8441b30e5f98c
- SSDEEP
  
  12288:0IPHb0IoX/9fSp3TRCQeQEkNWkXgQSEwBV:0W0IovUDQ9QEkN1XgPEwBV
Score

10^/10

warzonerat evasion infostealer rat trojan
- UAC bypass
  evasion trojan
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Windows security bypass
  evasion trojan
- Warzone RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratevasioninfostealerrattrojan

behavioral2

warzoneratevasioninfostealerrattrojan

© 2018-2025

Terms | Privacy