warzonerat | 6f68da459050effdc1e643ec81bec63c3860f0ea1c333a1cd451c11c8c08856c | Triage

Submit
Reports

Overview

overview

Static

static

3

PO-46564343.exe

windows10-1703-x64

PO-46564343.exe

windows10-2004-x64

Sharing

General

Target

PO-46564343.exe
Size

3.4MB
Sample

240423-tgye8shg27
MD5

b2c650f3a8e5745c8a832b2a0b18a399
SHA1

39140b79507c5af0b91ef864129ae3598373e061
SHA256

6f68da459050effdc1e643ec81bec63c3860f0ea1c333a1cd451c11c8c08856c
SHA512

3116c1d3c5f1106ea7324157d72ff150e9858a2777b7677802c283a9ab92c3add533fcb4c5d0fbde24cabdf7cd8b9e5b509f4ae1aa8f5bd694e07ad0f6e54c1c
SSDEEP

49152:qYQ9p/TMILu3UAJvYIJ7PBJw47zvqgFQmUn3ZhNr:Kpg63Zr

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PO-46564343.exe

Resource

win10-20240404-en

warzonerat infostealer persistence rat

windows10-1703-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO-46564343.exe

Resource

win10v2004-20240412-en

warzonerat infostealer persistence rat

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

107.173.4.16:5200

Targets

- Target
  
  PO-46564343.exe
- Size
  
  3.4MB
- MD5
  
  b2c650f3a8e5745c8a832b2a0b18a399
- SHA1
  
  39140b79507c5af0b91ef864129ae3598373e061
- SHA256
  
  6f68da459050effdc1e643ec81bec63c3860f0ea1c333a1cd451c11c8c08856c
- SHA512
  
  3116c1d3c5f1106ea7324157d72ff150e9858a2777b7677802c283a9ab92c3add533fcb4c5d0fbde24cabdf7cd8b9e5b509f4ae1aa8f5bd694e07ad0f6e54c1c
- SSDEEP
  
  49152:qYQ9p/TMILu3UAJvYIJ7PBJw47zvqgFQmUn3ZhNr:Kpg63Zr
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy