warzonerat | a93f870ec5baff88edb4a49b7e1166c6b604c152ab6a49b232ddfa0eaa371886 | Triage

Submit
Reports

Overview

overview

Static

static

8

a93f870ec5...86.xls

windows7-x64

a93f870ec5...86.xls

windows10-2004-x64

Sharing

General

Target

a93f870ec5baff88edb4a49b7e1166c6b604c152ab6a49b232ddfa0eaa371886.xls
Size

69KB
Sample

241211-dmzbqaxraj
MD5

9c500aed213cf9693c7e93a94e4c4b12
SHA1

955c61d7f667fcc01780be2124eace8988f423a4
SHA256

a93f870ec5baff88edb4a49b7e1166c6b604c152ab6a49b232ddfa0eaa371886
SHA512

62dacbd2d51d5d6b20c83914d2c3964161fa9b65a6318998f5d8392bfcc618f31299d401fb8de010402a45c59682022be8d636f559aa293c28900da86e8ff87f
SSDEEP

1536:cKxEtjPOtioVjDGUU1qfDlaGGx+cL2QnAzXo4inBGp9tRG52yriu1CVDs:cKxEtjPOtioVjDGUU1qfDlaGGx+cL2Qz

Score

10^/10

warzonerat discovery infostealer macro macro_on_action persistence rat

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

a93f870ec5baff88edb4a49b7e1166c6b604c152ab6a49b232ddfa0eaa371886.xls

Resource

win7-20240903-en

warzonerat discovery infostealer persistence rat

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

a93f870ec5baff88edb4a49b7e1166c6b604c152ab6a49b232ddfa0eaa371886.xls

Resource

win10v2004-20241007-en

warzonerat discovery infostealer persistence rat

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

dns.stipamana.com:5219

Targets

- Target
  
  a93f870ec5baff88edb4a49b7e1166c6b604c152ab6a49b232ddfa0eaa371886.xls
- Size
  
  69KB
- MD5
  
  9c500aed213cf9693c7e93a94e4c4b12
- SHA1
  
  955c61d7f667fcc01780be2124eace8988f423a4
- SHA256
  
  a93f870ec5baff88edb4a49b7e1166c6b604c152ab6a49b232ddfa0eaa371886
- SHA512
  
  62dacbd2d51d5d6b20c83914d2c3964161fa9b65a6318998f5d8392bfcc618f31299d401fb8de010402a45c59682022be8d636f559aa293c28900da86e8ff87f
- SSDEEP
  
  1536:cKxEtjPOtioVjDGUU1qfDlaGGx+cL2QnAzXo4inBGp9tRG52yriu1CVDs:cKxEtjPOtioVjDGUU1qfDlaGGx+cL2Qz
Score

10^/10

warzonerat discovery infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzonerat family
  warzonerat
- Warzone RAT payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

warzoneratdiscoveryinfostealerpersistencerat

behavioral2

warzoneratdiscoveryinfostealerpersistencerat

© 2018-2024

Terms | Privacy