warzonerat | c9f708d196905d6b42dda2b45f3a3965517d5cdc885f7b3b8824aaed33da5fff | Triage

Submit
Reports

Overview

overview

Static

static

3

d02e7036dc...2f.exe

windows7-x64

d02e7036dc...2f.exe

windows10-2004-x64

Sharing

General

Target

d02e7036dcce34d85849df93ec36c62f
Size

236KB
Sample

240317-hdmnsagg71
MD5

d02e7036dcce34d85849df93ec36c62f
SHA1

211c57f2f2e2f3cf11ce59f6848d8c7cce41fd18
SHA256

c9f708d196905d6b42dda2b45f3a3965517d5cdc885f7b3b8824aaed33da5fff
SHA512

8807912b873d950e37504a845e0c198e468fd4eb454d97ed877ed648ac8bb80c9c41b0bc3ae95100ecc210c2473cdd1d07d86a75acfce440e79c7c95c48ba12f
SSDEEP

3072:ASWUYAlmXkJr4Dul8kZyLA93qlUD2mvwV6bFcHSRoodGv8Z36CxVYwwBJ785v7Wt:AEsBi17NCFYp3rtHmqbK65o

Score

10^/10

warzonerat evasion infostealer rat rezer0 trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d02e7036dcce34d85849df93ec36c62f.exe

Resource

win7-20240221-en

warzonerat evasion infostealer rat rezer0 trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

d02e7036dcce34d85849df93ec36c62f.exe

Resource

win10v2004-20240226-en

warzonerat evasion infostealer rat rezer0 trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

185.140.53.41:2104

Targets

- Target
  
  d02e7036dcce34d85849df93ec36c62f
- Size
  
  236KB
- MD5
  
  d02e7036dcce34d85849df93ec36c62f
- SHA1
  
  211c57f2f2e2f3cf11ce59f6848d8c7cce41fd18
- SHA256
  
  c9f708d196905d6b42dda2b45f3a3965517d5cdc885f7b3b8824aaed33da5fff
- SHA512
  
  8807912b873d950e37504a845e0c198e468fd4eb454d97ed877ed648ac8bb80c9c41b0bc3ae95100ecc210c2473cdd1d07d86a75acfce440e79c7c95c48ba12f
- SSDEEP
  
  3072:ASWUYAlmXkJr4Dul8kZyLA93qlUD2mvwV6bFcHSRoodGv8Z36CxVYwwBJ785v7Wt:AEsBi17NCFYp3rtHmqbK65o
Score

10^/10

warzonerat evasion infostealer rat rezer0 trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Warzone RAT payload
  rat
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

warzoneratevasioninfostealerratrezer0trojan

behavioral2

warzoneratevasioninfostealerratrezer0trojan

© 2018-2024

Terms | Privacy