warzonerat | c55c56828532ad2b3d922b0fb7eeb999c44cc3490deeccb3572e28166067be2a | Triage

Submit
Reports

Overview

overview

Static

static

3

Lisect_AV-...08.exe

windows7-x64

Lisect_AV-...08.exe

windows10-2004-x64

Sharing

General

Target

Lisect_AV-T_G3_308.exe
Size

232KB
Sample

240422-jlrhdaha68
MD5

bb5accb1bb157c951f739f0f3890b244
SHA1

fc9cf64ecd7a7eb794b478ce8e5cfbebc5954dc8
SHA256

c55c56828532ad2b3d922b0fb7eeb999c44cc3490deeccb3572e28166067be2a
SHA512

92a15ba0ff7353b08c262505a668ecced11ea4a0dda3f96f4224fb8f6e93a17cd388dfd14ce5ffee3574bbb5868f44bc9924379a464f34763a39bbf7dc2e314d
SSDEEP

6144:b+YD77nfv1aFxU5JOtXOgfNb6fTF4MoiwBP/DGDMDSj:bBfnfdKU5J6iATPrGS

Score

10^/10

warzonerat infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Lisect_AV-T_G3_308.exe

Resource

win7-20240221-en

warzonerat infostealer rat

windows7-x64

8 signatures

120 seconds

Behavioral task

behavioral2

Sample

Lisect_AV-T_G3_308.exe

Resource

win10v2004-20240412-en

warzonerat infostealer rat

windows10-2004-x64

8 signatures

120 seconds

Malware Config

Extracted

Family

warzonerat

C2

185.225.75.68:2222

Targets

- Target
  
  Lisect_AV-T_G3_308.exe
- Size
  
  232KB
- MD5
  
  bb5accb1bb157c951f739f0f3890b244
- SHA1
  
  fc9cf64ecd7a7eb794b478ce8e5cfbebc5954dc8
- SHA256
  
  c55c56828532ad2b3d922b0fb7eeb999c44cc3490deeccb3572e28166067be2a
- SHA512
  
  92a15ba0ff7353b08c262505a668ecced11ea4a0dda3f96f4224fb8f6e93a17cd388dfd14ce5ffee3574bbb5868f44bc9924379a464f34763a39bbf7dc2e314d
- SSDEEP
  
  6144:b+YD77nfv1aFxU5JOtXOgfNb6fTF4MoiwBP/DGDMDSj:bBfnfdKU5J6iATPrGS
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy