warzonerat | 78473f3a3e461bc15c18f82ae52ad130b0f0dff4109e21b2e47f2dde90acbf46 | Triage

Submit
Reports

Overview

overview

Static

static

e8aaade776...18.exe

windows7-x64

e8aaade776...18.exe

windows10-2004-x64

Sharing

General

Target

e8aaade776c2a9e279825189b23f6eed_JaffaCakes118
Size

8.2MB
Sample

240408-3a7vrseg76
MD5

e8aaade776c2a9e279825189b23f6eed
SHA1

b42a39d4c5888efb186480430544060f758fb8dc
SHA256

78473f3a3e461bc15c18f82ae52ad130b0f0dff4109e21b2e47f2dde90acbf46
SHA512

367e58fe5d78e84c6d33f027aaeb05fa527d70a50d2e67ff300b948363cc558317d6b715fe5cae37caf19ffc5aa587c81f2b327daf61bf295bc9a4bc841be12a
SSDEEP

49152:7C0bNechC0bNechC0bNeccC0bNechC0bNechC0bNecO:V8e8e878e8e89

Score

10^/10

warzonerat aspackv2 evasion infostealer persistence rat

Static task

static1

rat aspackv2 warzonerat

4 signatures

Behavioral task

behavioral1

Sample

e8aaade776c2a9e279825189b23f6eed_JaffaCakes118.exe

Resource

win7-20240221-en

warzonerat aspackv2 evasion infostealer persistence rat

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

e8aaade776c2a9e279825189b23f6eed_JaffaCakes118.exe

Resource

win10v2004-20240226-en

warzonerat aspackv2 evasion infostealer persistence rat

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  e8aaade776c2a9e279825189b23f6eed_JaffaCakes118
- Size
  
  8.2MB
- MD5
  
  e8aaade776c2a9e279825189b23f6eed
- SHA1
  
  b42a39d4c5888efb186480430544060f758fb8dc
- SHA256
  
  78473f3a3e461bc15c18f82ae52ad130b0f0dff4109e21b2e47f2dde90acbf46
- SHA512
  
  367e58fe5d78e84c6d33f027aaeb05fa527d70a50d2e67ff300b948363cc558317d6b715fe5cae37caf19ffc5aa587c81f2b327daf61bf295bc9a4bc841be12a
- SSDEEP
  
  49152:7C0bNechC0bNechC0bNeccC0bNechC0bNechC0bNecO:V8e8e878e8e89
Score

10^/10

warzonerat aspackv2 evasion infostealer persistence rat
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Modifies Installed Components in the registry
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rataspackv2warzonerat

behavioral1

warzonerataspackv2evasioninfostealerpersistencerat

behavioral2

warzonerataspackv2evasioninfostealerpersistencerat

© 2018-2025

Terms | Privacy