warzonerat | 24fbb1253fccfad541a84636d462d649ffd2a8786c4d81d298ede979853bb205

General

Target

24fbb1253fccfad541a84636d462d649ffd2a8786c4d81d298ede979853bb205
Size

1.2MB
Sample

250115-1h2bvaxlal
MD5

6e640d9055e4426295962a941c3374c9
SHA1

58c09e5eefe0d8c7a627fde7e5da11a3165586f0
SHA256

24fbb1253fccfad541a84636d462d649ffd2a8786c4d81d298ede979853bb205
SHA512

6d53465e987ccc2829e70e3757429e10ad40ff84e74ada45461b11467e0f3346df6150929a3662864682987b980fe0fc1b6c5da3f8a10613ffbe967abc6f83d2
SSDEEP

24576:bAHnh+eWsN3skA4RV1Hom2KXMmHaaIyjPcme5v:2h+ZkldoPK8YaVr/v

Score

10^/10

Malware Config

Extracted

Family

warzonerat

C2

yuotube.brasillojasfisicas.com:1346

Targets

- Target
  
  24fbb1253fccfad541a84636d462d649ffd2a8786c4d81d298ede979853bb205
- Size
  
  1.2MB
- MD5
  
  6e640d9055e4426295962a941c3374c9
- SHA1
  
  58c09e5eefe0d8c7a627fde7e5da11a3165586f0
- SHA256
  
  24fbb1253fccfad541a84636d462d649ffd2a8786c4d81d298ede979853bb205
- SHA512
  
  6d53465e987ccc2829e70e3757429e10ad40ff84e74ada45461b11467e0f3346df6150929a3662864682987b980fe0fc1b6c5da3f8a10613ffbe967abc6f83d2
- SSDEEP
  
  24576:bAHnh+eWsN3skA4RV1Hom2KXMmHaaIyjPcme5v:2h+ZkldoPK8YaVr/v
Score

10^/10

warzonerat discovery execution infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzonerat family
  warzonerat
- Warzone RAT payload
  rat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

WarzoneRat, AveMaria

Warzonerat family

Warzone RAT payload

Command and Scripting Interpreter: PowerShell

Drops startup file

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2