warzonerat | ad7c40e2ac4f78f7b3453e3211a5ba2eace89e2d660872d9be76384ed1572759 | Triage

Submit
Reports

Overview

overview

Static

static

730f0f4852...eb.exe

windows10-2004-x64

Sharing

General

Target

241127-xg52vs1rfj_pw_infected.zip
Size

4.1MB
Sample

241127-xk32nssjfj
MD5

e28c6cfe0d6d7c9bdb878e7ba19cded2
SHA1

03d34ca37cbd9536a42cfdcbbfe6fe3c8f03c03f
SHA256

ad7c40e2ac4f78f7b3453e3211a5ba2eace89e2d660872d9be76384ed1572759
SHA512

f980230effdd38125623c8a0f2170efd7756533d8111479c2dd14c21693567d0b7bfaba315a407d931be595233395ba1bdfb8748e2b4dbf016dee9b6003c7262
SSDEEP

98304:GavbgK6lPwXJ5zHXj/EeCdvlwNmr3tSUkE3KajLSPo6sbRSOE9:GavEM/EeCdSYr9Ss3KajLSP/N

Score

10^/10

warzonerat aspackv2 discovery infostealer persistence rat

Static task

static1

rat aspackv2 warzonerat

4 signatures

Behavioral task

behavioral1

Sample

730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe

Resource

win10v2004-20241007-en

warzonerat aspackv2 discovery infostealer persistence rat

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb.exe
- Size
  
  8.2MB
- MD5
  
  16f5a0862751c4a02dcb001a275bd844
- SHA1
  
  f932d1f74129021175950ad5c56a06947547742a
- SHA256
  
  730f0f4852ff31031bf53ccf6e2ded40ee354b20f316c082fa94c957e9f98ceb
- SHA512
  
  f5b0d92ee42c39ac2a912da23b051a0a16471824ae5f1069018f0e49298f9c6320ff2dd5f1884c2e6b37b702c44de60b63cd63c8a609743fd5232f76a01812d7
- SSDEEP
  
  49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecw:V8e8e8f8e8e8x
Score

10^/10

warzonerat aspackv2 discovery infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzonerat family
  warzonerat
- Warzone RAT payload
  rat
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rataspackv2warzonerat

behavioral1

warzonerataspackv2discoveryinfostealerpersistencerat

© 2018-2025

Terms | Privacy