warzonerat | 19208770999143f57876f067c6b8d4e6095c54f325b7ff7a0876972dd9239a07 | Triage

Submit
Reports

Overview

overview

Static

static

3

f44c5ee427...18.exe

windows7-x64

f44c5ee427...18.exe

windows10-2004-x64

3

Sharing

General

Target

f44c5ee427e17ec6ca2cca529dac4960_JaffaCakes118
Size

454KB
Sample

240924-xlafrazajk
MD5

f44c5ee427e17ec6ca2cca529dac4960
SHA1

057f34c7f586cb3ad5c6ac5bac85e10dc1b7c1a3
SHA256

19208770999143f57876f067c6b8d4e6095c54f325b7ff7a0876972dd9239a07
SHA512

5e383990ff8f970b6b7d0f7ff6d61df6135a26730d36b8498d9b13bf2f489d303db63d15c7e6049b0da5538cf62f373c0af6d27f05257da1e466a9c878fe4dfd
SSDEEP

12288:p5BbwrSx/ZzLXbtsnNCAoVR/cPIVmXh0H7:p5Bbwrk/ZzLLtsnN6Wu

Score

10^/10

warzonerat discovery infostealer persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f44c5ee427e17ec6ca2cca529dac4960_JaffaCakes118.exe

Resource

win7-20240903-en

warzonerat discovery infostealer persistence rat

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

f44c5ee427e17ec6ca2cca529dac4960_JaffaCakes118.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

samirsana2019.myftp.biz:5200

Targets

- Target
  
  f44c5ee427e17ec6ca2cca529dac4960_JaffaCakes118
- Size
  
  454KB
- MD5
  
  f44c5ee427e17ec6ca2cca529dac4960
- SHA1
  
  057f34c7f586cb3ad5c6ac5bac85e10dc1b7c1a3
- SHA256
  
  19208770999143f57876f067c6b8d4e6095c54f325b7ff7a0876972dd9239a07
- SHA512
  
  5e383990ff8f970b6b7d0f7ff6d61df6135a26730d36b8498d9b13bf2f489d303db63d15c7e6049b0da5538cf62f373c0af6d27f05257da1e466a9c878fe4dfd
- SSDEEP
  
  12288:p5BbwrSx/ZzLXbtsnNCAoVR/cPIVmXh0H7:p5Bbwrk/ZzLLtsnN6Wu
Score

10^/10

warzonerat discovery infostealer persistence rat
- Modifies WinLogon for persistence
  persistence
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratdiscoveryinfostealerpersistencerat

behavioral2

© 2018-2025

Terms | Privacy