warzonerat | cd338d07638f35ba1bec4b3330885f2677235547998bc5f1f43cfb61f7c4a539 | Triage

Submit
Reports

Overview

overview

Static

static

3

b3b4dedead...18.exe

windows7-x64

b3b4dedead...18.exe

windows10-2004-x64

Sharing

General

Target

b3b4dedead0fe31afa2662531248365f_JaffaCakes118
Size

440KB
Sample

240616-qj3wysydrn
MD5

b3b4dedead0fe31afa2662531248365f
SHA1

bec33f6b3cc7ac799b882e94d2ad9a09a48b8927
SHA256

cd338d07638f35ba1bec4b3330885f2677235547998bc5f1f43cfb61f7c4a539
SHA512

5828ee0805532dbf08b162ae5e1d6cc9c0f0beb2a1f9889c8ea7c007492daee41be9d5dcc1579507d44273cd7892c1faebe8356539b79fbf0d0e716bf25574d9
SSDEEP

6144:gK1hdbseMXsBOm0gTN3419IjBxNAAvujAHyAGPQQ08QFfyLHG:gKTMXjqo19eBHak8NQem

Score

10^/10

warzonerat infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b3b4dedead0fe31afa2662531248365f_JaffaCakes118.exe

Resource

win7-20231129-en

warzonerat infostealer rat

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

b3b4dedead0fe31afa2662531248365f_JaffaCakes118.exe

Resource

win10v2004-20240508-en

warzonerat infostealer rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

glorylnter.hopto.org:5988

Targets

- Target
  
  b3b4dedead0fe31afa2662531248365f_JaffaCakes118
- Size
  
  440KB
- MD5
  
  b3b4dedead0fe31afa2662531248365f
- SHA1
  
  bec33f6b3cc7ac799b882e94d2ad9a09a48b8927
- SHA256
  
  cd338d07638f35ba1bec4b3330885f2677235547998bc5f1f43cfb61f7c4a539
- SHA512
  
  5828ee0805532dbf08b162ae5e1d6cc9c0f0beb2a1f9889c8ea7c007492daee41be9d5dcc1579507d44273cd7892c1faebe8356539b79fbf0d0e716bf25574d9
- SSDEEP
  
  6144:gK1hdbseMXsBOm0gTN3419IjBxNAAvujAHyAGPQQ08QFfyLHG:gKTMXjqo19eBHak8NQem
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy