warzonerat | 58bd567ad7cf2dce8bd0a728478517b1b02d27c184c58d43cf4fb5d4e0c31be5 | Triage

Sharing

General

Target

58bd567ad7cf2dce8bd0a728478517b1b02d27c184c58d43cf4fb5d4e0c31be5.exe
Size

1.2MB
Sample

241120-f177wssfjk
MD5

fc25aae0aa1c927181ff64f37de9bba4
SHA1

a3a3e9cd63bb605750e56ff63e94948b89b9219f
SHA256

58bd567ad7cf2dce8bd0a728478517b1b02d27c184c58d43cf4fb5d4e0c31be5
SHA512

29a9dfac79e4ffb158c06a2e211ca4ad0d2fd71554689cc269ad8f6e102e5e9ab5078e939f08f20fb7e8b01fcb576c4ef46bcdc1d5997bc409f3a8262b189980
SSDEEP

12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11ku:OIbGD2JTu0GoZQDbGV6eH81ku

Score

10^/10

warzonerat aspackv2 discovery persistence rat

Malware Config

Targets

- Target
  
  58bd567ad7cf2dce8bd0a728478517b1b02d27c184c58d43cf4fb5d4e0c31be5.exe
- Size
  
  1.2MB
- MD5
  
  fc25aae0aa1c927181ff64f37de9bba4
- SHA1
  
  a3a3e9cd63bb605750e56ff63e94948b89b9219f
- SHA256
  
  58bd567ad7cf2dce8bd0a728478517b1b02d27c184c58d43cf4fb5d4e0c31be5
- SHA512
  
  29a9dfac79e4ffb158c06a2e211ca4ad0d2fd71554689cc269ad8f6e102e5e9ab5078e939f08f20fb7e8b01fcb576c4ef46bcdc1d5997bc409f3a8262b189980
- SSDEEP
  
  12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11ku:OIbGD2JTu0GoZQDbGV6eH81ku
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rataspackv2warzonerat

behavioral1

discoverypersistence

behavioral2

discoverypersistence