warzonerat | c8381f17940b066d9a60bad42f0076d177bee132cbb7df4f4f8f6c870b10327b | Triage

Sharing

General

Target

c8381f17940b066d9a60bad42f0076d177bee132cbb7df4f4f8f6c870b10327b.exe
Size

8.9MB
Sample

241115-z4lylswlfp
MD5

6284ca6dc9fa2044753317eecbc73d50
SHA1

dbaff05c711f46d8afccd91779a9539585fd609a
SHA256

c8381f17940b066d9a60bad42f0076d177bee132cbb7df4f4f8f6c870b10327b
SHA512

2a748db384390a1ebc4df7cdd90559be14d6d29634faa15829e944f2db6ab6433bba35758c14d8eb42d1275e94d8f9928b22d8fead46ef1d60bf29f47d5f89a0
SSDEEP

49152:K1XP6rPbNechC0bNechC0bNecIC0bNechC0bNechC0bNece:K1+8e8e8f8e8e8B

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  c8381f17940b066d9a60bad42f0076d177bee132cbb7df4f4f8f6c870b10327b.exe
- Size
  
  8.9MB
- MD5
  
  6284ca6dc9fa2044753317eecbc73d50
- SHA1
  
  dbaff05c711f46d8afccd91779a9539585fd609a
- SHA256
  
  c8381f17940b066d9a60bad42f0076d177bee132cbb7df4f4f8f6c870b10327b
- SHA512
  
  2a748db384390a1ebc4df7cdd90559be14d6d29634faa15829e944f2db6ab6433bba35758c14d8eb42d1275e94d8f9928b22d8fead46ef1d60bf29f47d5f89a0
- SSDEEP
  
  49152:K1XP6rPbNechC0bNechC0bNecIC0bNechC0bNechC0bNece:K1+8e8e8f8e8e8B
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence