warzonerat | a9f5ff12d64cfdf5555adbe1931f80679075d7d1215a67fd57b1728f451a2d91 | Triage

Sharing

General

Target

2025-04-15_0b019016508a828c0ee4a8b690abe2bd_black-basta_elex_luca-stealer_metamorfo
Size

1019KB
Sample

250415-fbw4bsxrz3
MD5

0b019016508a828c0ee4a8b690abe2bd
SHA1

a26dff2992ae833d5af1d3da4a9ec678e6dee58e
SHA256

a9f5ff12d64cfdf5555adbe1931f80679075d7d1215a67fd57b1728f451a2d91
SHA512

e050d6a0ab3c6840d0ca695a9c4f244bff5b98c086414673a2a8a64092f6c12fe28dbd25414e879576910d43f919a0ab393738c5b4e3b3918a937db55ea0efd1
SSDEEP

12288:9crNS33L10QdrXi4P7r9r/+ppppppppppppppppppppppppppppp0GHpneWemGWg:ANA3R5drXj1qHpeWWWT3IFTw79EvE08k

Score

10^/10

warzonerat discovery infostealer persistence rat

Malware Config

Extracted

Family

warzonerat

C2

bhirtyfive55.ydns.eu:5210

Targets

- Target
  
  2025-04-15_0b019016508a828c0ee4a8b690abe2bd_black-basta_elex_luca-stealer_metamorfo
- Size
  
  1019KB
- MD5
  
  0b019016508a828c0ee4a8b690abe2bd
- SHA1
  
  a26dff2992ae833d5af1d3da4a9ec678e6dee58e
- SHA256
  
  a9f5ff12d64cfdf5555adbe1931f80679075d7d1215a67fd57b1728f451a2d91
- SHA512
  
  e050d6a0ab3c6840d0ca695a9c4f244bff5b98c086414673a2a8a64092f6c12fe28dbd25414e879576910d43f919a0ab393738c5b4e3b3918a937db55ea0efd1
- SSDEEP
  
  12288:9crNS33L10QdrXi4P7r9r/+ppppppppppppppppppppppppppppp0GHpneWemGWg:ANA3R5drXj1qHpeWWWT3IFTw79EvE08k
Score

10^/10

warzonerat discovery infostealer persistence rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzonerat family
  warzonerat
- Warzone RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratdiscoveryinfostealerpersistencerat