warzonerat | 9958131d419bbaf7b385485777f83c03f2757f2aa263fbb1280b1e64f961a164 | Triage

Submit
Reports

Overview

overview

Static

static

3

fc54819ee2...18.exe

windows7-x64

fc54819ee2...18.exe

windows10-2004-x64

Sharing

General

Target

fc54819ee2c8a0c18cc913036c027baa_JaffaCakes118
Size

541KB
Sample

240420-j8l66sda71
MD5

fc54819ee2c8a0c18cc913036c027baa
SHA1

092a1d2d354a3a95644ed34ec72d39f9f271ad4e
SHA256

9958131d419bbaf7b385485777f83c03f2757f2aa263fbb1280b1e64f961a164
SHA512

8e6ed119461c9e21d85a9f51f9d2cab51308c56dc71823adc6381f6563dba1ecbbae89af4d3c981982bd35461fa7319d5990aa4ed470c8f1de7ce7002ba92608
SSDEEP

12288:JIPHb0IoX/9fSp3TRCQeQEkNWkXgQSEwBl:JW0IovUDQ9QEkN1XgPEwBl

Score

10^/10

warzonerat evasion infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fc54819ee2c8a0c18cc913036c027baa_JaffaCakes118.exe

Resource

win7-20240221-en

warzonerat evasion infostealer rat trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

fc54819ee2c8a0c18cc913036c027baa_JaffaCakes118.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  fc54819ee2c8a0c18cc913036c027baa_JaffaCakes118
- Size
  
  541KB
- MD5
  
  fc54819ee2c8a0c18cc913036c027baa
- SHA1
  
  092a1d2d354a3a95644ed34ec72d39f9f271ad4e
- SHA256
  
  9958131d419bbaf7b385485777f83c03f2757f2aa263fbb1280b1e64f961a164
- SHA512
  
  8e6ed119461c9e21d85a9f51f9d2cab51308c56dc71823adc6381f6563dba1ecbbae89af4d3c981982bd35461fa7319d5990aa4ed470c8f1de7ce7002ba92608
- SSDEEP
  
  12288:JIPHb0IoX/9fSp3TRCQeQEkNWkXgQSEwBl:JW0IovUDQ9QEkN1XgPEwBl
Score

10^/10

warzonerat evasion infostealer rat trojan
- UAC bypass
  evasion trojan
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Windows security bypass
  evasion trojan
- Warzone RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

warzoneratevasioninfostealerrattrojan

behavioral2

© 2018-2024

Terms | Privacy