warzonerat | e2c8d079f2b4bb14ff371b3999f078f7cbfae0d52ab8cc99a803e9e13a0578ac | Triage

Submit
Reports

Overview

overview

Static

static

3

044ff15e8d...b6.exe

windows7-x64

044ff15e8d...b6.exe

windows10-2004-x64

5

Sharing

General

Target

07472f63bdec0c4a83767d19b8b7ba19.bin
Size

269KB
Sample

241214-bcvvfatphn
MD5

e2efa9092fe758fd1010159d2ec96db1
SHA1

4cfc0dbe8d5d5f025ce2fb22e98996b2133e6aa9
SHA256

e2c8d079f2b4bb14ff371b3999f078f7cbfae0d52ab8cc99a803e9e13a0578ac
SHA512

cd8a73d7248b4682499e29624bd0dd1cabec7f24309fc2f274c211986ede7cf37aba44a3dcd6c5e4de8a3a850343febe80a3254d64e96b8f11dc837036e49202
SSDEEP

6144:BUceSjWJvzPJqErDOyPiZsLrYDODdeZrjPEnHn+GEF+oGlOqWgt:WXSjWlLJBPbLJIjPEn+nWt

Score

10^/10

warzonerat discovery infostealer persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

044ff15e8d3c9534c11c3719bd88a8302611c697ae888b23c768cec52f1970b6.exe

Resource

win7-20240903-en

warzonerat discovery infostealer persistence rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

044ff15e8d3c9534c11c3719bd88a8302611c697ae888b23c768cec52f1970b6.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

dns.stipamana.com:5220

Targets

- Target
  
  044ff15e8d3c9534c11c3719bd88a8302611c697ae888b23c768cec52f1970b6.exe
- Size
  
  277KB
- MD5
  
  07472f63bdec0c4a83767d19b8b7ba19
- SHA1
  
  32392707ddac27ef3cb0baa8365ba11d326e86ce
- SHA256
  
  044ff15e8d3c9534c11c3719bd88a8302611c697ae888b23c768cec52f1970b6
- SHA512
  
  259dc8f8303b6be1fde58f090d2f628c80f9cab83be4df93b0b272e3073658cf9504acab7795df0727d900a025d9c2e5d1e7801a2f14c571f04e8b10a26f01ab
- SSDEEP
  
  6144:A4qCIulquAQ40xAkvW2jxcbK9kMYzX/Qt8AsH7m2vOlPegMIOGd:DI6lAQ403vjjxcbKwr+8/sQgH
Score

10^/10

warzonerat discovery infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzonerat family
  warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratdiscoveryinfostealerpersistencerat

behavioral2

© 2018-2024

Terms | Privacy