warzonerat | 33568c503537a0e4e8735690c59bd4636453227e27eae6cfbc08dc2f6b9df921 | Triage

Submit
Reports

Overview

overview

Static

static

3

1d567410ae...18.exe

windows7-x64

1d567410ae...18.exe

windows10-2004-x64

Sharing

General

Target

1d567410aef049362058e077fed717b0_JaffaCakes118
Size

656KB
Sample

240329-kcj8dadh74
MD5

1d567410aef049362058e077fed717b0
SHA1

fefd561a5a19ac75e0f2a2c7b1fa4517ad6e16f8
SHA256

33568c503537a0e4e8735690c59bd4636453227e27eae6cfbc08dc2f6b9df921
SHA512

c033d3cf3ebde4a7b84943153e06101faa1db8e5e4d8d601397f6fe2be05c9467960075cdede2a4f610251eb0367c3c949f9cd2cc9c14cbf522a41dbeb32059e
SSDEEP

12288:ZFX3TJwh9BfrYDgtIKZ/ZhVNFXOGLhFb/yM0WeXyBxkjAt:7TeLkoZnNF

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1d567410aef049362058e077fed717b0_JaffaCakes118.exe

Resource

win7-20240221-en

warzonerat infostealer persistence rat

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1d567410aef049362058e077fed717b0_JaffaCakes118.exe

Resource

win10v2004-20240226-en

warzonerat infostealer persistence rat

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

176.126.86.243:2021

Targets

- Target
  
  1d567410aef049362058e077fed717b0_JaffaCakes118
- Size
  
  656KB
- MD5
  
  1d567410aef049362058e077fed717b0
- SHA1
  
  fefd561a5a19ac75e0f2a2c7b1fa4517ad6e16f8
- SHA256
  
  33568c503537a0e4e8735690c59bd4636453227e27eae6cfbc08dc2f6b9df921
- SHA512
  
  c033d3cf3ebde4a7b84943153e06101faa1db8e5e4d8d601397f6fe2be05c9467960075cdede2a4f610251eb0367c3c949f9cd2cc9c14cbf522a41dbeb32059e
- SSDEEP
  
  12288:ZFX3TJwh9BfrYDgtIKZ/ZhVNFXOGLhFb/yM0WeXyBxkjAt:7TeLkoZnNF
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy