warzonerat | b38eb5940f0440fe9e3feaaf6d21abb1ac2aed235d465ed8307f151f20b75eb2 | Triage

Submit
Reports

Overview

overview

Static

static

3

461f3a72f6...18.exe

windows7-x64

461f3a72f6...18.exe

windows10-2004-x64

Sharing

General

Target

461f3a72f6d77526ceaa8ffd3d523537_JaffaCakes118
Size

271KB
Sample

240515-pc9kgsgh68
MD5

461f3a72f6d77526ceaa8ffd3d523537
SHA1

9e0123dc05e8f47c648f3cb90d215451f969230b
SHA256

b38eb5940f0440fe9e3feaaf6d21abb1ac2aed235d465ed8307f151f20b75eb2
SHA512

a8548e80124e989003dd6a3cce2ed4b29e21a941252100645fe7397c4f17be90987db32027e260b336d4e29c0725c863cdbe5a3c1f544ee1bdaac224ab2841eb
SSDEEP

6144:UkrG7ze1qAPEzhZgvUKoHIyx4xm2J+Ctje4DVWPaV:UkrOzAPYKUKoHfx6m2J9tjF0CV

Score

10^/10

warzonerat execution infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

461f3a72f6d77526ceaa8ffd3d523537_JaffaCakes118.exe

Resource

win7-20231129-en

warzonerat execution infostealer rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

461f3a72f6d77526ceaa8ffd3d523537_JaffaCakes118.exe

Resource

win10v2004-20240508-en

warzonerat execution infostealer rat

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

37.120.159.243:11904

Targets

- Target
  
  461f3a72f6d77526ceaa8ffd3d523537_JaffaCakes118
- Size
  
  271KB
- MD5
  
  461f3a72f6d77526ceaa8ffd3d523537
- SHA1
  
  9e0123dc05e8f47c648f3cb90d215451f969230b
- SHA256
  
  b38eb5940f0440fe9e3feaaf6d21abb1ac2aed235d465ed8307f151f20b75eb2
- SHA512
  
  a8548e80124e989003dd6a3cce2ed4b29e21a941252100645fe7397c4f17be90987db32027e260b336d4e29c0725c863cdbe5a3c1f544ee1bdaac224ab2841eb
- SSDEEP
  
  6144:UkrG7ze1qAPEzhZgvUKoHIyx4xm2J+Ctje4DVWPaV:UkrOzAPYKUKoHfx6m2J9tjF0CV
Score

10^/10

warzonerat execution infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratexecutioninfostealerrat

behavioral2

warzoneratexecutioninfostealerrat

© 2018-2024

Terms | Privacy