Countless easily configurable malware families unfortunately give rise to countless malware samples. Fortunately for researchers, these different samples share functionality, and the family can be discerned by looking for similarities, patterns, and heuristics contained within the code. It’s easy to figure out the child when you know what the parent looks like.
In this Malware Analysis Spotlight, we highlight the execution of a packed Warzone RAT sample. Warzone RAT is a Remote Access Trojan that was first advertised near the end of 2018 on warzone[.]io. This packed sample of Warzone RAT was first seen this month, according to VirusTotal. Warzone RAT is typically distributed via malicious email campaigns and is capable of credential theft and bypassing User Account Control (UAC).