warzonerat | ad037b1200d5750500d6ef196ab0da8580ff54c337a14782ed68d55ec5a27543 | Triage

Submit
Reports

Overview

overview

Static

static

0d2d6eadb2...cs.exe

windows7-x64

0d2d6eadb2...cs.exe

windows10-2004-x64

Sharing

General

Target

0d2d6eadb2ab5909029be6944c3338a0NeikiAnalytics.exe
Size

3.9MB
Sample

240527-xhhmysfb57
MD5

0d2d6eadb2ab5909029be6944c3338a0
SHA1

76155e279625e09637f21ec5e2ffc6561622055a
SHA256

ad037b1200d5750500d6ef196ab0da8580ff54c337a14782ed68d55ec5a27543
SHA512

a94b10a01ceb0a6e26eb3231819a5e57a3ec618bb0abf9b43472cc8f103bdbb31cec98519e3e3a887df7ad559c1a16cef71f05f9c33e08bc25a6e3797c138e0f
SSDEEP

24576:GIbGD2JTu0GoWQDbGV6eH8tkxIbGD2JTu0GoWQDbGV6eH8tkxIbGD2JTu0GoWQDR:7C0bNechC0bNechC0bNec5

Score

10^/10

warzonerat aspackv2 evasion infostealer persistence rat

Static task

static1

rat aspackv2 warzonerat

4 signatures

Behavioral task

behavioral1

Sample

0d2d6eadb2ab5909029be6944c3338a0NeikiAnalytics.exe

Resource

win7-20240508-en

warzonerat aspackv2 evasion infostealer persistence rat

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

0d2d6eadb2ab5909029be6944c3338a0NeikiAnalytics.exe

Resource

win10v2004-20240508-en

warzonerat aspackv2 evasion infostealer persistence rat

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  0d2d6eadb2ab5909029be6944c3338a0NeikiAnalytics.exe
- Size
  
  3.9MB
- MD5
  
  0d2d6eadb2ab5909029be6944c3338a0
- SHA1
  
  76155e279625e09637f21ec5e2ffc6561622055a
- SHA256
  
  ad037b1200d5750500d6ef196ab0da8580ff54c337a14782ed68d55ec5a27543
- SHA512
  
  a94b10a01ceb0a6e26eb3231819a5e57a3ec618bb0abf9b43472cc8f103bdbb31cec98519e3e3a887df7ad559c1a16cef71f05f9c33e08bc25a6e3797c138e0f
- SSDEEP
  
  24576:GIbGD2JTu0GoWQDbGV6eH8tkxIbGD2JTu0GoWQDbGV6eH8tkxIbGD2JTu0GoWQDR:7C0bNechC0bNechC0bNec5
Score

10^/10

warzonerat aspackv2 evasion infostealer persistence rat
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Modifies Installed Components in the registry
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

rataspackv2warzonerat

behavioral1

warzonerataspackv2evasioninfostealerpersistencerat

behavioral2

warzonerataspackv2evasioninfostealerpersistencerat

© 2018-2024

Terms | Privacy