warzonerat | 057b9684944ef2d38a986568cef80c2929eb0a95f3adea02747ab7a1d096ed7f | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

057b968494...7f.exe

windows7-x64

057b968494...7f.exe

windows10-2004-x64

Sharing

General

Target

057b9684944ef2d38a986568cef80c2929eb0a95f3adea02747ab7a1d096ed7f
Size

1.8MB
Sample

250114-x1639syndp
MD5

6221548960a4572e9c9dd7ea48dfc017
SHA1

7f8913f772908caa76110a69152167a32070dced
SHA256

057b9684944ef2d38a986568cef80c2929eb0a95f3adea02747ab7a1d096ed7f
SHA512

f4059cf47828c78d2bbf8ca4f3d7c0ff7e205410b20bedb7384fcd2324c861a6b63cfcca91e31a3bf61439afa50588ad11d55bcada92922f940deccdaf3ca53a
SSDEEP

12288:i254f/VAuj79umm3xR0lq+X6kOyeXiYxewRJBWW59qA7W2FeDSIGVH/KIDgDgUeq:x+D9uVMpjOyerrFQDbGV6eH81kG

Score

10^/10

warzonerat discovery evasion infostealer persistence rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

057b9684944ef2d38a986568cef80c2929eb0a95f3adea02747ab7a1d096ed7f.exe

Resource

win7-20240903-en

warzonerat discovery evasion infostealer persistence rat

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

057b9684944ef2d38a986568cef80c2929eb0a95f3adea02747ab7a1d096ed7f.exe

Resource

win10v2004-20241007-en

warzonerat discovery evasion infostealer persistence rat

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  057b9684944ef2d38a986568cef80c2929eb0a95f3adea02747ab7a1d096ed7f
- Size
  
  1.8MB
- MD5
  
  6221548960a4572e9c9dd7ea48dfc017
- SHA1
  
  7f8913f772908caa76110a69152167a32070dced
- SHA256
  
  057b9684944ef2d38a986568cef80c2929eb0a95f3adea02747ab7a1d096ed7f
- SHA512
  
  f4059cf47828c78d2bbf8ca4f3d7c0ff7e205410b20bedb7384fcd2324c861a6b63cfcca91e31a3bf61439afa50588ad11d55bcada92922f940deccdaf3ca53a
- SSDEEP
  
  12288:i254f/VAuj79umm3xR0lq+X6kOyeXiYxewRJBWW59qA7W2FeDSIGVH/KIDgDgUeq:x+D9uVMpjOyerrFQDbGV6eH81kG
Score

10^/10

warzonerat discovery evasion infostealer persistence rat
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzonerat family
  warzonerat
- Warzone RAT payload
  rat
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratdiscoveryevasioninfostealerpersistencerat

behavioral2

warzoneratdiscoveryevasioninfostealerpersistencerat

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.