warzonerat | 91811eb7ed028774d4c50120b688d39d79b42f7fba9591c73b3138fce4367c40 | Triage

Submit
Reports

Overview

overview

Static

static

91811eb7ed...0N.exe

windows7-x64

91811eb7ed...0N.exe

windows10-2004-x64

Sharing

General

Target

91811eb7ed028774d4c50120b688d39d79b42f7fba9591c73b3138fce4367c40N.exe
Size

8.9MB
Sample

241115-xy5sesyrbz
MD5

fde3ab7484145ddea7ee5989b977cf40
SHA1

b485393eb583bb644b9a076d3f9e6fb72a99c1f7
SHA256

91811eb7ed028774d4c50120b688d39d79b42f7fba9591c73b3138fce4367c40
SHA512

a4b0e18c412ecbd28cfbda25e7334c11511248abfabb0b782aa73c8686579170eeee7b9a2d6a279c60f8a5f8c3a0a67a345fc0a6e1776ee44dcfe59b7f7eedf0
SSDEEP

49152:K1XP6rPbNechC0bNechC0bNecIC0bNechC0bNechC0bNec6:K1+8e8e8f8e8e8L

Score

10^/10

warzonerat discovery infostealer persistence rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

91811eb7ed028774d4c50120b688d39d79b42f7fba9591c73b3138fce4367c40N.exe

Resource

win7-20241010-en

warzonerat discovery infostealer persistence rat

windows7-x64

13 signatures

120 seconds

Behavioral task

behavioral2

Sample

91811eb7ed028774d4c50120b688d39d79b42f7fba9591c73b3138fce4367c40N.exe

Resource

win10v2004-20241007-en

warzonerat discovery infostealer persistence rat

windows10-2004-x64

12 signatures

120 seconds

Malware Config

Targets

- Target
  
  91811eb7ed028774d4c50120b688d39d79b42f7fba9591c73b3138fce4367c40N.exe
- Size
  
  8.9MB
- MD5
  
  fde3ab7484145ddea7ee5989b977cf40
- SHA1
  
  b485393eb583bb644b9a076d3f9e6fb72a99c1f7
- SHA256
  
  91811eb7ed028774d4c50120b688d39d79b42f7fba9591c73b3138fce4367c40
- SHA512
  
  a4b0e18c412ecbd28cfbda25e7334c11511248abfabb0b782aa73c8686579170eeee7b9a2d6a279c60f8a5f8c3a0a67a345fc0a6e1776ee44dcfe59b7f7eedf0
- SSDEEP
  
  49152:K1XP6rPbNechC0bNechC0bNecIC0bNechC0bNechC0bNec6:K1+8e8e8f8e8e8L
Score

10^/10

warzonerat discovery infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzonerat family
  warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratdiscoveryinfostealerpersistencerat

behavioral2

warzoneratdiscoveryinfostealerpersistencerat

© 2018-2025

Terms | Privacy