warzonerat | 00ccb30fc4656a6fb998d55f5057bdf9cd7226bae09252587e9262f1394a00f9 | Triage

Sharing

General

Target

00ccb30fc4656a6fb998d55f5057bdf9cd7226bae09252587e9262f1394a00f9N.exe
Size

2.8MB
Sample

241116-lakxkaspbv
MD5

c82e37a8ae9c9f6b1092aabb09dc4f90
SHA1

407bc4a6e21d246f3981042ab50a7d75547863d7
SHA256

00ccb30fc4656a6fb998d55f5057bdf9cd7226bae09252587e9262f1394a00f9
SHA512

5ca278c3416c130eb86f53a5e724eace9028d4ae37f6a4bc957c26a4a503058aa9e642e68f465d5e121e268596a046b054d10da42d6484a0ea41b5a438228063
SSDEEP

24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHA:7v97AXmw4gxeOw46fUbNecCCFbNecp

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  00ccb30fc4656a6fb998d55f5057bdf9cd7226bae09252587e9262f1394a00f9N.exe
- Size
  
  2.8MB
- MD5
  
  c82e37a8ae9c9f6b1092aabb09dc4f90
- SHA1
  
  407bc4a6e21d246f3981042ab50a7d75547863d7
- SHA256
  
  00ccb30fc4656a6fb998d55f5057bdf9cd7226bae09252587e9262f1394a00f9
- SHA512
  
  5ca278c3416c130eb86f53a5e724eace9028d4ae37f6a4bc957c26a4a503058aa9e642e68f465d5e121e268596a046b054d10da42d6484a0ea41b5a438228063
- SSDEEP
  
  24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHA:7v97AXmw4gxeOw46fUbNecCCFbNecp
Score

7^/10

discovery persistence
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence