warzonerat | b91fc51f8a846e5cf1a2e47a0c1406eadb13531d0dd694321c35f205081acc31 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...46.exe

windows7-x64

JaffaCakes...46.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_77ccf1a80dcbee4cdf2abeb36462e846
Size

269KB
Sample

250104-fse65swkck
MD5

77ccf1a80dcbee4cdf2abeb36462e846
SHA1

800884ce8385b2fc192517b2213c59538580648f
SHA256

b91fc51f8a846e5cf1a2e47a0c1406eadb13531d0dd694321c35f205081acc31
SHA512

a9dcbd0e44b0a35a05f03b3ae0cc8a25843927bfc58413b7bf70be71d81b1a81377ccd4cd7a49d74818c7cfc32dc036546d6b3972f7c8d43ca96f3a8f4e11ca8
SSDEEP

6144:2ycZPyvpVvTqsb/JWxwzgE/VQQIADG8el:2VZP63b/JWxoQQxD

Score

10^/10

warzonerat discovery infostealer persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_77ccf1a80dcbee4cdf2abeb36462e846.exe

Resource

win7-20240903-en

warzonerat discovery infostealer persistence rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_77ccf1a80dcbee4cdf2abeb36462e846.exe

Resource

win10v2004-20241007-en

warzonerat discovery infostealer persistence rat

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

161.97.88.42:45266

Targets

- Target
  
  JaffaCakes118_77ccf1a80dcbee4cdf2abeb36462e846
- Size
  
  269KB
- MD5
  
  77ccf1a80dcbee4cdf2abeb36462e846
- SHA1
  
  800884ce8385b2fc192517b2213c59538580648f
- SHA256
  
  b91fc51f8a846e5cf1a2e47a0c1406eadb13531d0dd694321c35f205081acc31
- SHA512
  
  a9dcbd0e44b0a35a05f03b3ae0cc8a25843927bfc58413b7bf70be71d81b1a81377ccd4cd7a49d74818c7cfc32dc036546d6b3972f7c8d43ca96f3a8f4e11ca8
- SSDEEP
  
  6144:2ycZPyvpVvTqsb/JWxwzgE/VQQIADG8el:2VZP63b/JWxoQQxD
Score

10^/10

warzonerat discovery infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzonerat family
  warzonerat
- Warzone RAT payload
  rat
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratdiscoveryinfostealerpersistencerat

behavioral2

warzoneratdiscoveryinfostealerpersistencerat

© 2018-2025

Terms | Privacy