warzonerat | d5d423dc5f5ad8dd71caf8ed9d4977240f8c3d0329d8980a2ae32b206663f3c2 | Triage

Sharing

General

Target

d5d423dc5f5ad8dd71caf8ed9d4977240f8c3d0329d8980a2ae32b206663f3c2N.exe
Size

1.7MB
Sample

241119-2ty7asvfqm
MD5

6af639b5325953ec3ce8cccf5620f3e0
SHA1

00db417de67e727d481ca14b066f63785ddff8f8
SHA256

d5d423dc5f5ad8dd71caf8ed9d4977240f8c3d0329d8980a2ae32b206663f3c2
SHA512

de42c64b3370bb7f99dd912bbcd5f790ee884e49cf75e17ad5da41b8c0c228e3341d5eab90321dac6df64f920f44b8007ca3f11ae7c740b2cf48af9896d22091
SSDEEP

24576:eTy7ASmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0Gof:eTy7ASmw4gxeOw46fUbNecCCs

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  d5d423dc5f5ad8dd71caf8ed9d4977240f8c3d0329d8980a2ae32b206663f3c2N.exe
- Size
  
  1.7MB
- MD5
  
  6af639b5325953ec3ce8cccf5620f3e0
- SHA1
  
  00db417de67e727d481ca14b066f63785ddff8f8
- SHA256
  
  d5d423dc5f5ad8dd71caf8ed9d4977240f8c3d0329d8980a2ae32b206663f3c2
- SHA512
  
  de42c64b3370bb7f99dd912bbcd5f790ee884e49cf75e17ad5da41b8c0c228e3341d5eab90321dac6df64f920f44b8007ca3f11ae7c740b2cf48af9896d22091
- SSDEEP
  
  24576:eTy7ASmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0Gof:eTy7ASmw4gxeOw46fUbNecCCs
Score

7^/10

discovery persistence
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence