warzonerat | b4b14f0512858ecd957152f6f21d06070ad3f371206568871d0f92d5a41ecd83 | Triage

Submit
Reports

Overview

overview

Static

static

8

cargo docu...df.exe

windows7_x64

cargo docu...df.exe

windows10-2004_x64

Sharing

General

Target

cargo documents.pdf.exe
Size

183KB
Sample

220606-jjncyabaaj
MD5

f0bec0deb10b8bc59a5b2d207b4cdeef
SHA1

452b936847f131abd4b872815ab35c9b9bcd9cbb
SHA256

b4b14f0512858ecd957152f6f21d06070ad3f371206568871d0f92d5a41ecd83
SHA512

a57437bba1a5b9bb8ce2754290e80a5ed78adb8a8017305fe30ac1a7a95c5480fd771a7b35ccd048d17dba2409f74e8c407523a0f0aa61559392c4f0fc95164e

Score

10^/10

warzonerat infostealer persistence rat suricata upx

Static task

static1

Behavioral task

behavioral1

Sample

cargo documents.pdf.exe

Resource

win7-20220414-en

warzonerat infostealer persistence rat suricata upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cargo documents.pdf.exe

Resource

win10v2004-20220414-en

warzonerat infostealer persistence rat suricata upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

udooiuyt.dynamic-dns.net:5200

Targets

- Target
  
  cargo documents.pdf.exe
- Size
  
  183KB
- MD5
  
  f0bec0deb10b8bc59a5b2d207b4cdeef
- SHA1
  
  452b936847f131abd4b872815ab35c9b9bcd9cbb
- SHA256
  
  b4b14f0512858ecd957152f6f21d06070ad3f371206568871d0f92d5a41ecd83
- SHA512
  
  a57437bba1a5b9bb8ce2754290e80a5ed78adb8a8017305fe30ac1a7a95c5480fd771a7b35ccd048d17dba2409f74e8c407523a0f0aa61559392c4f0fc95164e
Score

10^/10

warzonerat infostealer persistence rat suricata upx
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- suricata: ET MALWARE Ave Maria/Warzone RAT Encrypted CnC Checkin
  suricata: ET MALWARE Ave Maria/Warzone RAT Encrypted CnC Checkin
  suricata
- suricata: ET MALWARE Ave Maria/Warzone RAT Encrypted CnC Checkin (Inbound)
  suricata: ET MALWARE Ave Maria/Warzone RAT Encrypted CnC Checkin (Inbound)
  suricata
- Warzone RAT Payload
  rat
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

warzoneratinfostealerpersistenceratsuricataupx

behavioral2

warzoneratinfostealerpersistenceratsuricataupx

© 2018-2024

Terms | Privacy