warzonerat | 85fd6ce192054a81246927f2337c687187b518225239f80c462fbb998a52f81c | Triage

Submit
Reports

Overview

overview

Static

static

3

d34aaeb497...18.exe

windows7-x64

7

d34aaeb497...18.exe

windows10-2004-x64

Sharing

General

Target

d34aaeb4974f48c1f239e7cefd28e1b6_JaffaCakes118
Size

1.1MB
Sample

241207-ydx3hsznav
MD5

d34aaeb4974f48c1f239e7cefd28e1b6
SHA1

2722a0666ab09d4f9220c327553d5a60d02356da
SHA256

85fd6ce192054a81246927f2337c687187b518225239f80c462fbb998a52f81c
SHA512

7bf7e5d148b81f8c8e8ffe43b91b6d3862c2e43f0c04586f4d683db6e57464a19892c3e1a2c5b221b5bcc89f822820db3e0d0265ffbd00f6dbb2b7293529dd83
SSDEEP

12288:0c/5tE7w6ukIelmxcmjK1FnPI8W3qMolwn6w2HlkRMGrmQ/X/mgQkjm/HL0uPFdQ:NW7w6ulAqxW+yyxtrmQ/X/Kkjm/HL0L

Score

10^/10

warzonerat discovery infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d34aaeb4974f48c1f239e7cefd28e1b6_JaffaCakes118.exe

Resource

win7-20241010-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

d34aaeb4974f48c1f239e7cefd28e1b6_JaffaCakes118.exe

Resource

win10v2004-20241007-en

warzonerat discovery infostealer rat

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

pentester01.duckdns.org:60976

Targets

- Target
  
  d34aaeb4974f48c1f239e7cefd28e1b6_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  d34aaeb4974f48c1f239e7cefd28e1b6
- SHA1
  
  2722a0666ab09d4f9220c327553d5a60d02356da
- SHA256
  
  85fd6ce192054a81246927f2337c687187b518225239f80c462fbb998a52f81c
- SHA512
  
  7bf7e5d148b81f8c8e8ffe43b91b6d3862c2e43f0c04586f4d683db6e57464a19892c3e1a2c5b221b5bcc89f822820db3e0d0265ffbd00f6dbb2b7293529dd83
- SSDEEP
  
  12288:0c/5tE7w6ukIelmxcmjK1FnPI8W3qMolwn6w2HlkRMGrmQ/X/mgQkjm/HL0uPFdQ:NW7w6ulAqxW+yyxtrmQ/X/Kkjm/HL0L
Score

10^/10

discovery warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzonerat family
  warzonerat
- Warzone RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

warzoneratdiscoveryinfostealerrat

© 2018-2025

Terms | Privacy