warzonerat | 469298a33eeb63a4b26b1eb8a89a4cc504ac08f0155b7b496d4062af80bdcd96 | Triage

Submit
Reports

Overview

overview

Static

static

3

DHL DOCUME...DF.exe

windows7-x64

DHL DOCUME...DF.exe

windows10-2004-x64

Sharing

General

Target

0f0f044cbeb9af25e2d60937011486ec_JaffaCakes118
Size

298KB
Sample

240502-2qqezsae79
MD5

0f0f044cbeb9af25e2d60937011486ec
SHA1

1547bfb233f29693a427930cc5132c946e4a1e7e
SHA256

469298a33eeb63a4b26b1eb8a89a4cc504ac08f0155b7b496d4062af80bdcd96
SHA512

c82157804e418e8833ab8367f1fa6e604ca85162a5c57c5203add77146f644c22452c499d08459c8fd5e9ccbe2e51517c83140c7c74837f4086178db1e7cea61
SSDEEP

6144:AtSDCN8zSV4SJe1Ymg5uh8oWQxR5yMyETnU5xQd65U65dAQxsLzDxJDS8QOYrtO:Atsw8E4SwmmmuqTQxmDETnU5I659TkLD

Score

10^/10

warzonerat infostealer persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

DHL DOCUMENTS No_SINI0068206497_PDF.exe

Resource

win7-20240220-en

warzonerat infostealer persistence rat

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

DHL DOCUMENTS No_SINI0068206497_PDF.exe

Resource

win10v2004-20240419-en

warzonerat infostealer persistence rat

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

185.140.53.91:1866

Targets

- Target
  
  DHL DOCUMENTS No_SINI0068206497_PDF.exe
- Size
  
  806KB
- MD5
  
  212f8cc8065d07df0055acab1dfb9d97
- SHA1
  
  49b740014d0dc2aabe52e96eb9c502037df2bd80
- SHA256
  
  7ab85ac83d63559d24659167d6ce9581f48304844b8ad799dad47a31311e2c9b
- SHA512
  
  2366a19e289649adff79c7d1180e78055ca649478393cab665638429d98681d554a0898c3ad1547e259b4607d9076a715f8d06b19ec361725acc849f64eed09a
- SSDEEP
  
  12288:I2TpWuXJM6iiguuUyREh6ZCjdJ2oQZ1DakzZwP5BTNdAL0++:IopW+JMjNZCjXzQZ1DakF8pNuL
Score

10^/10

warzonerat infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistencerat

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy