warzonerat | a9de4c054889ccea8a3fa54f76aea6d1b3cd6b6483cb505b9058f5b38d560c4f | Triage

Sharing

General

Target

a9de4c054889ccea8a3fa54f76aea6d1b3cd6b6483cb505b9058f5b38d560c4f.exe
Size

1.8MB
Sample

241122-wnn69avqcy
MD5

240274efcb7715d66ade21409bc0c553
SHA1

0aa5d007db60dd6db0d39efb52b8e76fb555b8de
SHA256

a9de4c054889ccea8a3fa54f76aea6d1b3cd6b6483cb505b9058f5b38d560c4f
SHA512

4498744494667ae23fe7ba1ea415814a6ab8ae5a779c97f07dfc08c651bd932a53244e4803ca3cc0b4f3155438ca219ad6adf79c596b9aba3c581294f37aa329
SSDEEP

12288:BUrjP8Xuc2UY0B8TIwDDMistJ6gicRzubSFJeOgTpBA7W2FeDSIGVH/KIDgDgUem:ujjSYIUDJ86giGTPQDbGV6eH81kC

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  a9de4c054889ccea8a3fa54f76aea6d1b3cd6b6483cb505b9058f5b38d560c4f.exe
- Size
  
  1.8MB
- MD5
  
  240274efcb7715d66ade21409bc0c553
- SHA1
  
  0aa5d007db60dd6db0d39efb52b8e76fb555b8de
- SHA256
  
  a9de4c054889ccea8a3fa54f76aea6d1b3cd6b6483cb505b9058f5b38d560c4f
- SHA512
  
  4498744494667ae23fe7ba1ea415814a6ab8ae5a779c97f07dfc08c651bd932a53244e4803ca3cc0b4f3155438ca219ad6adf79c596b9aba3c581294f37aa329
- SSDEEP
  
  12288:BUrjP8Xuc2UY0B8TIwDDMistJ6gicRzubSFJeOgTpBA7W2FeDSIGVH/KIDgDgUem:ujjSYIUDJ86giGTPQDbGV6eH81kC
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence