warzonerat | a5ea4ab0a43b452d8eada55cd5d8ef802dfccbd1616f648c88797d82025043ba | Triage

Sharing

General

Target

a5ea4ab0a43b452d8eada55cd5d8ef802dfccbd1616f648c88797d82025043ba.exe
Size

2.9MB
Sample

241111-dfhqds1gpc
MD5

964bde7ff5e10a0d4002cbe2b545ab70
SHA1

2e0722a7749959c0aef3d7e9736c57a7558e6eea
SHA256

a5ea4ab0a43b452d8eada55cd5d8ef802dfccbd1616f648c88797d82025043ba
SHA512

30aeb3a14bb360a03a7354005bcbee7294a566a72a1a3dcd71a72bc32657495c4c559b70722838a11a4e973c891595aaf5a77c3b38f044968a197218b593b2dc
SSDEEP

24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHf:7v97AXmw4gxeOw46fUbNecCCFbNece

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  a5ea4ab0a43b452d8eada55cd5d8ef802dfccbd1616f648c88797d82025043ba.exe
- Size
  
  2.9MB
- MD5
  
  964bde7ff5e10a0d4002cbe2b545ab70
- SHA1
  
  2e0722a7749959c0aef3d7e9736c57a7558e6eea
- SHA256
  
  a5ea4ab0a43b452d8eada55cd5d8ef802dfccbd1616f648c88797d82025043ba
- SHA512
  
  30aeb3a14bb360a03a7354005bcbee7294a566a72a1a3dcd71a72bc32657495c4c559b70722838a11a4e973c891595aaf5a77c3b38f044968a197218b593b2dc
- SSDEEP
  
  24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHf:7v97AXmw4gxeOw46fUbNecCCFbNece
Score

7^/10

discovery persistence
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence