warzonerat | 0c64978cf7ffc6b2ceaa4992de7ae4a05575babd79bcfecb57cc74ac3848ddde | Triage

Submit
Reports

Overview

overview

Static

static

3

c67c1797ac...57.exe

windows7-x64

c67c1797ac...57.exe

windows10-2004-x64

Sharing

General

Target

c67c1797ac06edcba5d78083ba87b357
Size

236KB
Sample

240313-v83dyadb29
MD5

c67c1797ac06edcba5d78083ba87b357
SHA1

a37cd82dd4def1b73dc06c3a9f8210b884f64d46
SHA256

0c64978cf7ffc6b2ceaa4992de7ae4a05575babd79bcfecb57cc74ac3848ddde
SHA512

7d89c10193ea753e6a4206b0df15d0897b57a56ae53137d715efec724d754a38dd68eeb0ff11d9b9fd12afa54c51425252a541f5bd97a129304491ff33db5fd9
SSDEEP

3072:rWUYAlmXkJr4Dul8kZyLA93qlUD2mvwV6bFcHSRoodGv8Z36CxVYwwBJ785v7W8+:zsBi17NCFYp3rtHmqbK65Y

Score

10^/10

warzonerat evasion infostealer rat rezer0 trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c67c1797ac06edcba5d78083ba87b357.exe

Resource

win7-20240221-en

warzonerat evasion infostealer rat rezer0 trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

c67c1797ac06edcba5d78083ba87b357.exe

Resource

win10v2004-20240226-en

warzonerat evasion infostealer rat rezer0 trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

185.140.53.41:2104

Targets

- Target
  
  c67c1797ac06edcba5d78083ba87b357
- Size
  
  236KB
- MD5
  
  c67c1797ac06edcba5d78083ba87b357
- SHA1
  
  a37cd82dd4def1b73dc06c3a9f8210b884f64d46
- SHA256
  
  0c64978cf7ffc6b2ceaa4992de7ae4a05575babd79bcfecb57cc74ac3848ddde
- SHA512
  
  7d89c10193ea753e6a4206b0df15d0897b57a56ae53137d715efec724d754a38dd68eeb0ff11d9b9fd12afa54c51425252a541f5bd97a129304491ff33db5fd9
- SSDEEP
  
  3072:rWUYAlmXkJr4Dul8kZyLA93qlUD2mvwV6bFcHSRoodGv8Z36CxVYwwBJ785v7W8+:zsBi17NCFYp3rtHmqbK65Y
Score

10^/10

warzonerat evasion infostealer rat rezer0 trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Warzone RAT payload
  rat
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

warzoneratevasioninfostealerratrezer0trojan

behavioral2

warzoneratevasioninfostealerratrezer0trojan

© 2018-2024

Terms | Privacy