warzonerat | 2fd08e554d205eff9cc16a27e59b94abad98311738a109b8efe3523291833c3c | Triage

Submit
Reports

Overview

overview

Static

static

3

afa887c1eb...59.exe

windows7-x64

afa887c1eb...59.exe

windows10-2004-x64

Sharing

General

Target

afa887c1eb5644f68522d1a298942459
Size

236KB
Sample

240229-2nx22sef3w
MD5

afa887c1eb5644f68522d1a298942459
SHA1

4d0feb5610502cb7f33a5d7e6e93922d6b26a1b2
SHA256

2fd08e554d205eff9cc16a27e59b94abad98311738a109b8efe3523291833c3c
SHA512

f746e91bc6981e6f53f95f032e901ddbad7edcbde004f189d350552d6f558310a0227535b8c086b5f0f88107a8e721aedf12c35764a9dcc41f9831fa642f4c23
SSDEEP

3072:PWUYAlmXkJr4Dul8kZyLA93qlUD2mvwV6bFcHSRoodGv8Z36CxVYwwBJ785v7W8g:vsBi17NCFYp3rtHmqbK65K

Score

10^/10

warzonerat evasion infostealer rat rezer0 trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

afa887c1eb5644f68522d1a298942459.exe

Resource

win7-20240221-en

warzonerat evasion infostealer rat rezer0 trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

afa887c1eb5644f68522d1a298942459.exe

Resource

win10v2004-20240226-en

warzonerat evasion infostealer rat rezer0 trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

185.140.53.41:2104

Targets

- Target
  
  afa887c1eb5644f68522d1a298942459
- Size
  
  236KB
- MD5
  
  afa887c1eb5644f68522d1a298942459
- SHA1
  
  4d0feb5610502cb7f33a5d7e6e93922d6b26a1b2
- SHA256
  
  2fd08e554d205eff9cc16a27e59b94abad98311738a109b8efe3523291833c3c
- SHA512
  
  f746e91bc6981e6f53f95f032e901ddbad7edcbde004f189d350552d6f558310a0227535b8c086b5f0f88107a8e721aedf12c35764a9dcc41f9831fa642f4c23
- SSDEEP
  
  3072:PWUYAlmXkJr4Dul8kZyLA93qlUD2mvwV6bFcHSRoodGv8Z36CxVYwwBJ785v7W8g:vsBi17NCFYp3rtHmqbK65K
Score

10^/10

warzonerat evasion infostealer rat rezer0 trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Warzone RAT payload
  rat
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

warzoneratevasioninfostealerratrezer0trojan

behavioral2

warzoneratevasioninfostealerratrezer0trojan

© 2018-2024

Terms | Privacy