warzonerat | 1c2437ae6ffc0eee1e868edc26540d7b1fc8992209ec776644fc8c83c83b0032 | Triage

Submit
Reports

Overview

overview

Static

static

3

ff3d380d75...18.exe

windows7-x64

ff3d380d75...18.exe

windows10-2004-x64

Sharing

General

Target

ff3d380d75da0970ca814403921a512d_JaffaCakes118
Size

336KB
Sample

240421-pa8v6sah77
MD5

ff3d380d75da0970ca814403921a512d
SHA1

bd06d7efc8946846addb9593893ac91a668d1e75
SHA256

1c2437ae6ffc0eee1e868edc26540d7b1fc8992209ec776644fc8c83c83b0032
SHA512

0e9fcbd1f3753a11a5745e467d630fd36077879df982d8cf98e06e08718e4d369c452c7ad8819dbdf93ad6685e2fa99ec9b059cff0c5feaf69236ad80b280f3c
SSDEEP

6144:iFOwiyeVH0dxiroXWm/XFWdLUiIr5QhXY+lG9ijjz8QTOV0y4AS7E:yiyexQtVwYXyYOGe/811zn

Score

10^/10

warzonerat zgrat infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ff3d380d75da0970ca814403921a512d_JaffaCakes118.exe

Resource

win7-20240215-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

ff3d380d75da0970ca814403921a512d_JaffaCakes118.exe

Resource

win10v2004-20240412-en

warzonerat zgrat infostealer rat trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

hjjhjkk.ydns.eu:7009

Targets

- Target
  
  ff3d380d75da0970ca814403921a512d_JaffaCakes118
- Size
  
  336KB
- MD5
  
  ff3d380d75da0970ca814403921a512d
- SHA1
  
  bd06d7efc8946846addb9593893ac91a668d1e75
- SHA256
  
  1c2437ae6ffc0eee1e868edc26540d7b1fc8992209ec776644fc8c83c83b0032
- SHA512
  
  0e9fcbd1f3753a11a5745e467d630fd36077879df982d8cf98e06e08718e4d369c452c7ad8819dbdf93ad6685e2fa99ec9b059cff0c5feaf69236ad80b280f3c
- SSDEEP
  
  6144:iFOwiyeVH0dxiroXWm/XFWdLUiIr5QhXY+lG9ijjz8QTOV0y4AS7E:yiyexQtVwYXyYOGe/811zn
Score

10^/10

zgrat rat warzonerat infostealer trojan
- Detect ZGRat V1
- Detects BazaLoader malware
  BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.
  trojan
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

warzoneratzgratinfostealerrattrojan

© 2018-2024

Terms | Privacy