warzonerat | aaae2a95d3c2054414d9b4cd55405563c1059ac881d9252ce338ecef1a25f857 | Triage

Submit
Reports

Overview

overview

Static

static

3

aaae2a95d3...57.exe

windows7-x64

aaae2a95d3...57.exe

windows10-2004-x64

Sharing

General

Target

aaae2a95d3c2054414d9b4cd55405563c1059ac881d9252ce338ecef1a25f857.exe
Size

275KB
Sample

241213-ddw51awpay
MD5

d2928a656a545e09d4103532e69b7e98
SHA1

5caa4825462ad5a83ba8f16b284d8e1365a5c05e
SHA256

aaae2a95d3c2054414d9b4cd55405563c1059ac881d9252ce338ecef1a25f857
SHA512

7778ea634a514812b6be6c826920d33a1c7bb05e74c1e5758308aa51d83cdb14e8fd083bc84684b8f68a3cf5753b580b8c285bfa3e7fdbd08947ca3670f1d451
SSDEEP

6144:kv5oW4iOVCMftXU6JlD23CibX3cC1krm/rxfPDlS5SSGbVd:O6VXU6bKygcoku3P

Score

10^/10

warzonerat discovery infostealer persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

aaae2a95d3c2054414d9b4cd55405563c1059ac881d9252ce338ecef1a25f857.exe

Resource

win7-20240903-en

warzonerat discovery infostealer persistence rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

aaae2a95d3c2054414d9b4cd55405563c1059ac881d9252ce338ecef1a25f857.exe

Resource

win10v2004-20241007-en

warzonerat discovery infostealer persistence rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

dns.stipamana.com:5220

Targets

- Target
  
  aaae2a95d3c2054414d9b4cd55405563c1059ac881d9252ce338ecef1a25f857.exe
- Size
  
  275KB
- MD5
  
  d2928a656a545e09d4103532e69b7e98
- SHA1
  
  5caa4825462ad5a83ba8f16b284d8e1365a5c05e
- SHA256
  
  aaae2a95d3c2054414d9b4cd55405563c1059ac881d9252ce338ecef1a25f857
- SHA512
  
  7778ea634a514812b6be6c826920d33a1c7bb05e74c1e5758308aa51d83cdb14e8fd083bc84684b8f68a3cf5753b580b8c285bfa3e7fdbd08947ca3670f1d451
- SSDEEP
  
  6144:kv5oW4iOVCMftXU6JlD23CibX3cC1krm/rxfPDlS5SSGbVd:O6VXU6bKygcoku3P
Score

10^/10

warzonerat discovery infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzonerat family
  warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratdiscoveryinfostealerpersistencerat

behavioral2

warzoneratdiscoveryinfostealerpersistencerat

© 2018-2024

Terms | Privacy