warzonerat | ae22751a9d5ef9ccd866672d9643e2a478fb3bbd25ba8872ca6bb3d3e2f9cf12 | Triage

Sharing

General

Target

9d16c6d896a5cceac40f9c65d0c78f76ff57ee468a4708d74f4e74a832d43e78N.exe
Size

2.9MB
Sample

241112-ltws6szemk
MD5

dd4af4725086f895224af3651b89cdbf
SHA1

bb743ac023397f2d2b7d34cf4e6239de242de623
SHA256

ae22751a9d5ef9ccd866672d9643e2a478fb3bbd25ba8872ca6bb3d3e2f9cf12
SHA512

5c1eb5fd82aa32a321530ced26d2491c89416367bbea3501c08da244522f275a458bcc57c2fd2213b73b6cd769dc9ece8e98dff7f69df0d0e2adb1060875e7bd
SSDEEP

24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHw:7v97AXmw4gxeOw46fUbNecCCFbNecB

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  9d16c6d896a5cceac40f9c65d0c78f76ff57ee468a4708d74f4e74a832d43e78N.exe
- Size
  
  2.9MB
- MD5
  
  dd4af4725086f895224af3651b89cdbf
- SHA1
  
  bb743ac023397f2d2b7d34cf4e6239de242de623
- SHA256
  
  ae22751a9d5ef9ccd866672d9643e2a478fb3bbd25ba8872ca6bb3d3e2f9cf12
- SHA512
  
  5c1eb5fd82aa32a321530ced26d2491c89416367bbea3501c08da244522f275a458bcc57c2fd2213b73b6cd769dc9ece8e98dff7f69df0d0e2adb1060875e7bd
- SSDEEP
  
  24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHw:7v97AXmw4gxeOw46fUbNecCCFbNecB
Score

7^/10

discovery persistence
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence