warzonerat | cb0d61ab3572cf3ee79d10ca940f90020394c581adb792d063c0b11e6df50f28 | Triage

Sharing

General

Target

cb0d61ab3572cf3ee79d10ca940f90020394c581adb792d063c0b11e6df50f28N
Size

3.2MB
Sample

241025-3vp6fsxfmk
MD5

437b088c1a9b01751eeac4674aa965e0
SHA1

6de5cd8dfcdc097e5ea763f887b3c544c97b49f8
SHA256

cb0d61ab3572cf3ee79d10ca940f90020394c581adb792d063c0b11e6df50f28
SHA512

501787b4d7b2efffce54146c3318d7d0325361f419e819e46a271ca4f02072a1205fe8718e124e4f0e81d5337d628b93d759946ab78e1caa7a27afa8b33f6d9d
SSDEEP

24576:GIbGD2JTu0GoWQDbGV6eH8tkxIbGD2JTu0GoWQDbGV6eH8tkxIbGD2JTu0GoWQDz:7C0bNechC0bNechC0bn

Score

10^/10

warzonerat aspackv2 discovery persistence rat

Malware Config

Targets

- Target
  
  cb0d61ab3572cf3ee79d10ca940f90020394c581adb792d063c0b11e6df50f28N
- Size
  
  3.2MB
- MD5
  
  437b088c1a9b01751eeac4674aa965e0
- SHA1
  
  6de5cd8dfcdc097e5ea763f887b3c544c97b49f8
- SHA256
  
  cb0d61ab3572cf3ee79d10ca940f90020394c581adb792d063c0b11e6df50f28
- SHA512
  
  501787b4d7b2efffce54146c3318d7d0325361f419e819e46a271ca4f02072a1205fe8718e124e4f0e81d5337d628b93d759946ab78e1caa7a27afa8b33f6d9d
- SSDEEP
  
  24576:GIbGD2JTu0GoWQDbGV6eH8tkxIbGD2JTu0GoWQDbGV6eH8tkxIbGD2JTu0GoWQDz:7C0bNechC0bNechC0bn
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rataspackv2warzonerat

behavioral1

discoverypersistence

behavioral2

discoverypersistence