warzonerat | a7afcc40d88bf419bc84f92a2bdd394b3aeb18f1b98e608c5cd034a885393c2e | Triage

Submit
Reports

Overview

overview

Static

static

3

f4521c6aac...18.exe

windows7-x64

f4521c6aac...18.exe

windows10-2004-x64

Sharing

General

Target

f4521c6aace782f33b8afdc157ebd10f_JaffaCakes118
Size

329KB
Sample

240416-zv6xesce97
MD5

f4521c6aace782f33b8afdc157ebd10f
SHA1

28c89031d7b796bfee391fa03c5ff654bd057fd7
SHA256

a7afcc40d88bf419bc84f92a2bdd394b3aeb18f1b98e608c5cd034a885393c2e
SHA512

f094dd1424c4fd0ca98a08d553a6ef7bb2fc273b1834428eade6ef690034553745cac8299f564941b69ef4cfc0914904f393a72a1b404be4aeda064c5965a9b3
SSDEEP

6144:yBS0xxqrm6OEs/1A4ev9p97Yo1jrR99IGlDR57n6:yke6OtK9p98odR9b57n

Score

10^/10

warzonerat zgrat infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f4521c6aace782f33b8afdc157ebd10f_JaffaCakes118.exe

Resource

win7-20240221-en

warzonerat zgrat infostealer rat trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

f4521c6aace782f33b8afdc157ebd10f_JaffaCakes118.exe

Resource

win10v2004-20240412-en

warzonerat zgrat infostealer rat trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

nan.ydns.eu:4002

Targets

- Target
  
  f4521c6aace782f33b8afdc157ebd10f_JaffaCakes118
- Size
  
  329KB
- MD5
  
  f4521c6aace782f33b8afdc157ebd10f
- SHA1
  
  28c89031d7b796bfee391fa03c5ff654bd057fd7
- SHA256
  
  a7afcc40d88bf419bc84f92a2bdd394b3aeb18f1b98e608c5cd034a885393c2e
- SHA512
  
  f094dd1424c4fd0ca98a08d553a6ef7bb2fc273b1834428eade6ef690034553745cac8299f564941b69ef4cfc0914904f393a72a1b404be4aeda064c5965a9b3
- SSDEEP
  
  6144:yBS0xxqrm6OEs/1A4ev9p97Yo1jrR99IGlDR57n6:yke6OtK9p98odR9b57n
Score

10^/10

warzonerat zgrat infostealer rat trojan
- Detect ZGRat V1
- Detects BazaLoader malware
  BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.
  trojan
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

warzoneratzgratinfostealerrattrojan

behavioral2

warzoneratzgratinfostealerrattrojan

© 2018-2024

Terms | Privacy