warzonerat | acf9caa7c71ad2bcd57b874f2d9850a14f80447c83915b9f5c37804bca05b41a | Triage

Sharing

General

Target

0e04e00d34c90ca87be59fbd0048733df6e2882f50d570832f2e0e6f6c856bbcN.exe
Size

8.2MB
Sample

241112-elyt8sxngr
MD5

b2d2e7bb48f9a76483594e2e63ed7a55
SHA1

7567c5d07785bcad6984a938ab7645ceccc3983f
SHA256

acf9caa7c71ad2bcd57b874f2d9850a14f80447c83915b9f5c37804bca05b41a
SHA512

e8dd2075ebf4a0f527dbfcf557c352e7797500b675e9e8134ee5e556453daff940386c94f29aaafedb67a917b0dbbedb40720523349da5de4b3e80e5b58663af
SSDEEP

49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecU:V8e8e8f8e8e83

Score

10^/10

warzonerat aspackv2 discovery persistence rat

Malware Config

Targets

- Target
  
  0e04e00d34c90ca87be59fbd0048733df6e2882f50d570832f2e0e6f6c856bbcN.exe
- Size
  
  8.2MB
- MD5
  
  b2d2e7bb48f9a76483594e2e63ed7a55
- SHA1
  
  7567c5d07785bcad6984a938ab7645ceccc3983f
- SHA256
  
  acf9caa7c71ad2bcd57b874f2d9850a14f80447c83915b9f5c37804bca05b41a
- SHA512
  
  e8dd2075ebf4a0f527dbfcf557c352e7797500b675e9e8134ee5e556453daff940386c94f29aaafedb67a917b0dbbedb40720523349da5de4b3e80e5b58663af
- SSDEEP
  
  49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecU:V8e8e8f8e8e83
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rataspackv2warzonerat

behavioral1

discoverypersistence

behavioral2

discoverypersistence