warzonerat | 6848963c64d436902b411ffe50ac93f3b0e45c19e5828c05df7503c32c857916 | Triage

Submit
Reports

Overview

overview

Static

static

6848963c64...16.exe

windows7-x64

6848963c64...16.exe

windows10-2004-x64

Sharing

General

Target

6848963c64d436902b411ffe50ac93f3b0e45c19e5828c05df7503c32c857916
Size

1.8MB
Sample

241217-3gx9xatner
MD5

4ca42547d30e4f790b04a3db5288cd16
SHA1

a07ab1d80757b44cb1a0c411be91510fc8731dbf
SHA256

6848963c64d436902b411ffe50ac93f3b0e45c19e5828c05df7503c32c857916
SHA512

f3e2b80d1996f065c26b1e1e3e9e6c19b47b081d87b2f550412a1b8915aa445185e41407477ea724b85ba5bf4793d4c3f2e216e71a4b795c9eb201824cf52c71
SSDEEP

12288:i254f/VAuj79umm3xR0lq+X6kOyeXiYxewRJBWW59qA7W2FeDSIGVH/KIDgDgUeG:x+D9uVMpjOyerrFQDbGV6eH81kS

Score

10^/10

warzonerat discovery evasion infostealer persistence rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

6848963c64d436902b411ffe50ac93f3b0e45c19e5828c05df7503c32c857916.exe

Resource

win7-20240903-en

warzonerat discovery evasion infostealer persistence rat

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

6848963c64d436902b411ffe50ac93f3b0e45c19e5828c05df7503c32c857916.exe

Resource

win10v2004-20241007-en

warzonerat discovery evasion infostealer persistence rat

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  6848963c64d436902b411ffe50ac93f3b0e45c19e5828c05df7503c32c857916
- Size
  
  1.8MB
- MD5
  
  4ca42547d30e4f790b04a3db5288cd16
- SHA1
  
  a07ab1d80757b44cb1a0c411be91510fc8731dbf
- SHA256
  
  6848963c64d436902b411ffe50ac93f3b0e45c19e5828c05df7503c32c857916
- SHA512
  
  f3e2b80d1996f065c26b1e1e3e9e6c19b47b081d87b2f550412a1b8915aa445185e41407477ea724b85ba5bf4793d4c3f2e216e71a4b795c9eb201824cf52c71
- SSDEEP
  
  12288:i254f/VAuj79umm3xR0lq+X6kOyeXiYxewRJBWW59qA7W2FeDSIGVH/KIDgDgUeG:x+D9uVMpjOyerrFQDbGV6eH81kS
Score

10^/10

warzonerat discovery evasion infostealer persistence rat
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzonerat family
  warzonerat
- Warzone RAT payload
  rat
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratdiscoveryevasioninfostealerpersistencerat

behavioral2

warzoneratdiscoveryevasioninfostealerpersistencerat

© 2018-2024

Terms | Privacy