warzonerat | 404a176d0455a3e99b16c589caf58fcfec84d453d8ff0984222ecbc4ad0fefb1 | Triage

Submit
Reports

Overview

overview

Static

static

3

fe24503eb8...53.exe

windows7-x64

fe24503eb8...53.exe

windows10-2004-x64

Sharing

General

Target

fe24503eb81fabf579481d5054b74753.bin
Size

470KB
Sample

240623-ej63tssgqq
MD5

fe24503eb81fabf579481d5054b74753
SHA1

f279d3f02a1aed9da188e8bfcb41c3a0bd43fba1
SHA256

404a176d0455a3e99b16c589caf58fcfec84d453d8ff0984222ecbc4ad0fefb1
SHA512

b9a3f0ff9c4966296fc27be9d4dc2c0373dbd68884eb842d02615ccb24b868bc9edf61becc54f1625fc7799e4b370a833cb39352709de1c5ec9f762d93f26231
SSDEEP

6144:ZTvIrqin80B3jwt05tBFGVEeOPPapTlg81t2/ceUwEt+O7rbeqE612J93Bj:oqix9wt0tNeOPwTlNt2/cKfu+q

Score

10^/10

warzonerat infostealer rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fe24503eb81fabf579481d5054b74753.exe

Resource

win7-20240611-en

warzonerat infostealer rat

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

fe24503eb81fabf579481d5054b74753.exe

Resource

win10v2004-20240508-en

warzonerat infostealer rat

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

79.134.225.90:9757

Targets

- Target
  
  fe24503eb81fabf579481d5054b74753.bin
- Size
  
  470KB
- MD5
  
  fe24503eb81fabf579481d5054b74753
- SHA1
  
  f279d3f02a1aed9da188e8bfcb41c3a0bd43fba1
- SHA256
  
  404a176d0455a3e99b16c589caf58fcfec84d453d8ff0984222ecbc4ad0fefb1
- SHA512
  
  b9a3f0ff9c4966296fc27be9d4dc2c0373dbd68884eb842d02615ccb24b868bc9edf61becc54f1625fc7799e4b370a833cb39352709de1c5ec9f762d93f26231
- SSDEEP
  
  6144:ZTvIrqin80B3jwt05tBFGVEeOPPapTlg81t2/ceUwEt+O7rbeqE612J93Bj:oqix9wt0tNeOPwTlNt2/cKfu+q
Score

10^/10

warzonerat infostealer rat
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

warzoneratinfostealerrat

behavioral2

warzoneratinfostealerrat

© 2018-2024

Terms | Privacy