warzonerat | 091b75dd7e48a2587c59882fa0a6b2482ebbb2b2c85a21a3ab5687acae742950 | Triage

Sharing

General

Target

091b75dd7e48a2587c59882fa0a6b2482ebbb2b2c85a21a3ab5687acae742950.exe
Size

2.9MB
Sample

241110-178r8azlan
MD5

33d4713a28ef73bc711eecc717947a25
SHA1

778545481c4e9e093443a3eee114527e97b76453
SHA256

091b75dd7e48a2587c59882fa0a6b2482ebbb2b2c85a21a3ab5687acae742950
SHA512

6a976f3eb5665539d7bdd239bb96bd886af5d4578dabd734e6a56af053469797d49cae6767afffb86bf5660ab35d13d93fbbc6fd9426064437df89106c8e8d2a
SSDEEP

24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHr:7v97AXmw4gxeOw46fUbNecCCFbNeck

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  091b75dd7e48a2587c59882fa0a6b2482ebbb2b2c85a21a3ab5687acae742950.exe
- Size
  
  2.9MB
- MD5
  
  33d4713a28ef73bc711eecc717947a25
- SHA1
  
  778545481c4e9e093443a3eee114527e97b76453
- SHA256
  
  091b75dd7e48a2587c59882fa0a6b2482ebbb2b2c85a21a3ab5687acae742950
- SHA512
  
  6a976f3eb5665539d7bdd239bb96bd886af5d4578dabd734e6a56af053469797d49cae6767afffb86bf5660ab35d13d93fbbc6fd9426064437df89106c8e8d2a
- SSDEEP
  
  24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHr:7v97AXmw4gxeOw46fUbNecCCFbNeck
Score

7^/10

discovery persistence
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence