warzonerat | 6e1bf6e75eddea4d6b476fc1ebee4a27001e96ea431acc9673929dd6974f20a7 | Triage

Sharing

General

Target

96a8236dcc4bd2a392a82075f38327843610b5d86d2ef1095afcf8b461e58c39N.exe
Size

2.9MB
Sample

241110-12m9bswemm
MD5

ecc387942636a759bf75666c1affcbe9
SHA1

539668bf21a251da9fe843983ca3b69b224cd0ee
SHA256

6e1bf6e75eddea4d6b476fc1ebee4a27001e96ea431acc9673929dd6974f20a7
SHA512

92783e1ee9e6386f3c3f5fb99357d629baaeb9245c292caef58b8cc3de74c57c554aa4ac43fc48de5ed9691c9632514302447aba8ead7b619b0efdb6b37aaa87
SSDEEP

24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eH+:7v97AXmw4gxeOw46fUbNecCCFbNecB

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  96a8236dcc4bd2a392a82075f38327843610b5d86d2ef1095afcf8b461e58c39N.exe
- Size
  
  2.9MB
- MD5
  
  ecc387942636a759bf75666c1affcbe9
- SHA1
  
  539668bf21a251da9fe843983ca3b69b224cd0ee
- SHA256
  
  6e1bf6e75eddea4d6b476fc1ebee4a27001e96ea431acc9673929dd6974f20a7
- SHA512
  
  92783e1ee9e6386f3c3f5fb99357d629baaeb9245c292caef58b8cc3de74c57c554aa4ac43fc48de5ed9691c9632514302447aba8ead7b619b0efdb6b37aaa87
- SSDEEP
  
  24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eH+:7v97AXmw4gxeOw46fUbNecCCFbNecB
Score

7^/10

discovery persistence
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence