warzonerat | acf9caa7c71ad2bcd57b874f2d9850a14f80447c83915b9f5c37804bca05b41a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

0e04e00d34...cN.exe

windows7-x64

6

0e04e00d34...cN.exe

windows10-2004-x64

6

Sharing

General

Target

0e04e00d34c90ca87be59fbd0048733df6e2882f50d570832f2e0e6f6c856bbcN.exe
Size

8.2MB
Sample

241112-elyt8sxngr
MD5

b2d2e7bb48f9a76483594e2e63ed7a55
SHA1

7567c5d07785bcad6984a938ab7645ceccc3983f
SHA256

acf9caa7c71ad2bcd57b874f2d9850a14f80447c83915b9f5c37804bca05b41a
SHA512

e8dd2075ebf4a0f527dbfcf557c352e7797500b675e9e8134ee5e556453daff940386c94f29aaafedb67a917b0dbbedb40720523349da5de4b3e80e5b58663af
SSDEEP

49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecU:V8e8e8f8e8e83

Score

10^/10

warzonerat aspackv2 discovery persistence rat

Static task

static1

rat aspackv2 warzonerat

4 signatures

Behavioral task

behavioral1

Sample

0e04e00d34c90ca87be59fbd0048733df6e2882f50d570832f2e0e6f6c856bbcN.exe

Resource

win7-20240903-en

discovery persistence

windows7-x64

6 signatures

120 seconds

Behavioral task

behavioral2

Sample

0e04e00d34c90ca87be59fbd0048733df6e2882f50d570832f2e0e6f6c856bbcN.exe

Resource

win10v2004-20241007-en

discovery persistence

windows10-2004-x64

6 signatures

120 seconds

Malware Config

Targets

- Target
  
  0e04e00d34c90ca87be59fbd0048733df6e2882f50d570832f2e0e6f6c856bbcN.exe
- Size
  
  8.2MB
- MD5
  
  b2d2e7bb48f9a76483594e2e63ed7a55
- SHA1
  
  7567c5d07785bcad6984a938ab7645ceccc3983f
- SHA256
  
  acf9caa7c71ad2bcd57b874f2d9850a14f80447c83915b9f5c37804bca05b41a
- SHA512
  
  e8dd2075ebf4a0f527dbfcf557c352e7797500b675e9e8134ee5e556453daff940386c94f29aaafedb67a917b0dbbedb40720523349da5de4b3e80e5b58663af
- SSDEEP
  
  49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecU:V8e8e8f8e8e83
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rataspackv2warzonerat

behavioral1

discoverypersistence

behavioral2

discoverypersistence

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.