warzonerat | cdea3f40ff14e31e8afc0810ea6dfea48d79f5d30dbf2b66673aa89546f40cdb | Triage

Submit
Reports

Overview

overview

Static

static

1

sample.html

windows7-x64

1

sample.html

windows10-2004-x64

Resubmissions

19-03-2024 09:13

240319-k6zvxsgf6x 10

19-03-2024 09:08

240319-k38cwsge7z 1

Sharing

General

Target

sample
Size

88KB
Sample

240319-k6zvxsgf6x
MD5

fa1f40ef09d084500e63cec86333d59c
SHA1

cfcb60bb7ddb345bdcb6505b0eedca58f7e93518
SHA256

cdea3f40ff14e31e8afc0810ea6dfea48d79f5d30dbf2b66673aa89546f40cdb
SHA512

e23475b0d98d736ad84555c6c475d239bee6e6619ead4350b94c1ef60ad02b264d95a5cc48221519984972477ec6be984ea1f9e8f7e2571e2712a2a4620c83cc
SSDEEP

1536:ybQBKbTtHnD3A0vuhGyUfjsfzf04PAPlPkpyXIQkvukuyOct:qHnD3AeuUyUfgfzfNPAPlPkpyXINGY

Score

10^/10

warzonerat infostealer rat rezer0

Static task

static1

Behavioral task

behavioral1

Sample

sample.html

Resource

win7-20240221-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

sample.html

Resource

win10v2004-20240226-en

warzonerat infostealer rat rezer0

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

168.61.222.215:5400

Targets

- Target
  
  sample
- Size
  
  88KB
- MD5
  
  fa1f40ef09d084500e63cec86333d59c
- SHA1
  
  cfcb60bb7ddb345bdcb6505b0eedca58f7e93518
- SHA256
  
  cdea3f40ff14e31e8afc0810ea6dfea48d79f5d30dbf2b66673aa89546f40cdb
- SHA512
  
  e23475b0d98d736ad84555c6c475d239bee6e6619ead4350b94c1ef60ad02b264d95a5cc48221519984972477ec6be984ea1f9e8f7e2571e2712a2a4620c83cc
- SSDEEP
  
  1536:ybQBKbTtHnD3A0vuhGyUfjsfzf04PAPlPkpyXIQkvukuyOct:qHnD3AeuUyUfgfzfNPAPlPkpyXINGY
Score

10^/10

warzonerat infostealer rat rezer0
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Warzone RAT payload
  rat
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

warzoneratinfostealerratrezer0

© 2018-2024

Terms | Privacy