warzonerat | 7c30488a8013b73ad1a7d70d8b8b3195676cb4a467769deb3b967f17d584e706 | Triage

Submit
Reports

Overview

overview

Static

static

3

cfbff78272...1c.exe

windows7-x64

cfbff78272...1c.exe

windows10-2004-x64

Sharing

General

Target

7c30488a8013b73ad1a7d70d8b8b3195676cb4a467769deb3b967f17d584e706.zip
Size

312KB
Sample

250326-pk6tka11b1
MD5

99b469067aa15b516e29396d12bf7cae
SHA1

9d7d6decf8575fe1d19e3278e47a540272e90070
SHA256

7c30488a8013b73ad1a7d70d8b8b3195676cb4a467769deb3b967f17d584e706
SHA512

b0de5dc7f90629e42f6e065487377e6c103457dde11a456ef6f00c2161bed265713d5a47c2f7f7bbd8e611cc6c05c043aa95a261a9da8f5dcdb05f2da6404baf
SSDEEP

6144:2P+eP21zKs2nCS7hibEz4PGQyYC+VbT8LojvUUJf383h:221z3S7Mwz45yk9TsozUeM3h

Score

10^/10

warzonerat discovery infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cfbff78272aa6680ec533fc66b4d2f10145c0b9b9a45fcf6f41bf65f54d6191c.exe

Resource

win7-20240903-en

warzonerat discovery infostealer rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

cfbff78272aa6680ec533fc66b4d2f10145c0b9b9a45fcf6f41bf65f54d6191c.exe

Resource

win10v2004-20250314-en

warzonerat discovery infostealer rat

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

79.134.225.30:5590

Targets

- Target
  
  cfbff78272aa6680ec533fc66b4d2f10145c0b9b9a45fcf6f41bf65f54d6191c.exe
- Size
  
  453KB
- MD5
  
  b4316f8cbe7a62d557b824d377880dff
- SHA1
  
  76dd09f92a4a22ab2f53be5ad3f3cb88a62cac1e
- SHA256
  
  cfbff78272aa6680ec533fc66b4d2f10145c0b9b9a45fcf6f41bf65f54d6191c
- SHA512
  
  bb683485a674a7bbabbb0e64f322f91d7a8f4a495a51f552f6018a8b2e609263353dd5a5c23112b41f2c6a3110481e79f51add9d289958b52d909453198d81f6
- SSDEEP
  
  6144:DEkW8RdBHMlU8LFMrrtMuV3VUuj1LNBvyRS3Bfw/LV/FhWSqQnql9Flui/PSpZA:w4t8LFMftxeI9vkSRfeLV/FTqlLiZ
Score

10^/10

warzonerat discovery infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzonerat family
  warzonerat
- Warzone RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratdiscoveryinfostealerrat

behavioral2

warzoneratdiscoveryinfostealerrat

© 2018-2025

Terms | Privacy