warzonerat | 80c700fdbbd9ef5c814248f7c2518a6969eb9c3631823523646666d2b194ddb7 | Triage

Submit
Reports

Overview

overview

Static

static

3

80c700fdbb...b7.exe

windows7-x64

80c700fdbb...b7.exe

windows10-2004-x64

Sharing

General

Target

80c700fdbbd9ef5c814248f7c2518a6969eb9c3631823523646666d2b194ddb7
Size

781KB
Sample

240817-bl8snaydnd
MD5

ad3eeee344dc635cf361e473b6bed785
SHA1

512ffc124dbc4b67ece76ab0775690a2487fd530
SHA256

80c700fdbbd9ef5c814248f7c2518a6969eb9c3631823523646666d2b194ddb7
SHA512

c0dc95ed59408386f2e23018213c7fbe9ab341693d42a88d06ef7446cf9ec06f40392e40097a2a0958cd06866e6dae6820771bc44831a879b8ee682048e60b16
SSDEEP

12288:ECQjgAtAHM+vetZxF5EWry8AJGy0ATEAmDF4IRZkB8OJuJeCEKZmny9eiBbpSZ5F:E5ZWs+OZVEWry8AFLTE4w5Je2Zmy9pbK

Score

10^/10

warzonerat discovery infostealer link pdf rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

80c700fdbbd9ef5c814248f7c2518a6969eb9c3631823523646666d2b194ddb7.exe

Resource

win7-20240729-en

warzonerat discovery infostealer link pdf rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

80c700fdbbd9ef5c814248f7c2518a6969eb9c3631823523646666d2b194ddb7.exe

Resource

win10v2004-20240802-en

warzonerat discovery infostealer link pdf rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

papacy.line.pm:4004

Targets

- Target
  
  80c700fdbbd9ef5c814248f7c2518a6969eb9c3631823523646666d2b194ddb7
- Size
  
  781KB
- MD5
  
  ad3eeee344dc635cf361e473b6bed785
- SHA1
  
  512ffc124dbc4b67ece76ab0775690a2487fd530
- SHA256
  
  80c700fdbbd9ef5c814248f7c2518a6969eb9c3631823523646666d2b194ddb7
- SHA512
  
  c0dc95ed59408386f2e23018213c7fbe9ab341693d42a88d06ef7446cf9ec06f40392e40097a2a0958cd06866e6dae6820771bc44831a879b8ee682048e60b16
- SSDEEP
  
  12288:ECQjgAtAHM+vetZxF5EWry8AJGy0ATEAmDF4IRZkB8OJuJeCEKZmny9eiBbpSZ5F:E5ZWs+OZVEWry8AFLTE4w5Je2Zmy9pbK
Score

10^/10

warzonerat discovery infostealer link pdf rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratdiscoveryinfostealerlinkpdfrat

behavioral2

warzoneratdiscoveryinfostealerlinkpdfrat

© 2018-2025

Terms | Privacy