warzonerat | 07827fcf9f6fc7bbd718ff90bf7355a1e474b04c91542dec380704082aeb9bdc | Triage

Submit
Reports

Overview

overview

Static

static

3

1228d2a5da...02.exe

windows7-x64

1228d2a5da...02.exe

windows10-2004-x64

Sharing

General

Target

07827fcf9f6fc7bbd718ff90bf7355a1e474b04c91542dec380704082aeb9bdc
Size

304KB
Sample

240417-n3zbrsdh67
MD5

a588ebf0f2b2366d6e7be198dce075f9
SHA1

cea97a6ddcd5b4f161a9ff85cb7f90b36deb4d7a
SHA256

07827fcf9f6fc7bbd718ff90bf7355a1e474b04c91542dec380704082aeb9bdc
SHA512

a199710b4d6c6a8478ce4011b9047d90fb2717b539844bae07ef121c22d92e4f847edcbfdca0ce5b6ccdeb7e6e31fafdd83893abb6735ab5426494a02832f526
SSDEEP

6144:KP1ntTL3ayTj7FEkwooGvhpps10DE0odGv+6kIeOofIHRdCkUO5m9H:KtnBL3gxGpzsmgH4TgI+W4H

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1228d2a5da0c294501e973a3de592eedca074276969cc53327edd667f08af002.exe

Resource

win7-20240221-en

warzonerat infostealer persistence rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

1228d2a5da0c294501e973a3de592eedca074276969cc53327edd667f08af002.exe

Resource

win10v2004-20240412-en

warzonerat infostealer persistence rat

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

217.151.98.163:6093

Targets

- Target
  
  1228d2a5da0c294501e973a3de592eedca074276969cc53327edd667f08af002.exe
- Size
  
  651KB
- MD5
  
  215834852a24fdc3fb3004d8809cd805
- SHA1
  
  02780d6f70a25456a6a9f9a9e08167bc3be29cf9
- SHA256
  
  1228d2a5da0c294501e973a3de592eedca074276969cc53327edd667f08af002
- SHA512
  
  90e8da6ca26cdf498503e6ea06857d53b301f396d5b35784f223f9f0dc76b3ef745be60c679511e9f2b5a3fb892938a797661e84e5982433e7bfe44becdd2274
- SSDEEP
  
  12288:5+CxtTAOGGwFfM8nYw8tQbE3AkwoxZqqt:57xGGk38abH
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy