warzonerat | e94471c94c29062055f2fd7f44dada1b924f050a29787e76b4b13c385df2d6cc | Triage

Sharing

General

Target

e94471c94c29062055f2fd7f44dada1b924f050a29787e76b4b13c385df2d6cc.exe
Size

8.2MB
Sample

241127-dbmtjstjcy
MD5

6875141dbd9cbf9a25f03aae62838ded
SHA1

8720535f95117dd95a9c5bbc0f2de00ffd635f23
SHA256

e94471c94c29062055f2fd7f44dada1b924f050a29787e76b4b13c385df2d6cc
SHA512

07187da45af1cb79d386318d5e95d439eb21c43f9fb574b7bb82f5f8d5915d6c9f5a4c08df40ef8428f4a1498c10714011508e212d61a37926db5475516a1501
SSDEEP

49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNeck:V8e8e8f8e8e8l

Score

10^/10

warzonerat aspackv2 discovery persistence rat

Malware Config

Targets

- Target
  
  e94471c94c29062055f2fd7f44dada1b924f050a29787e76b4b13c385df2d6cc.exe
- Size
  
  8.2MB
- MD5
  
  6875141dbd9cbf9a25f03aae62838ded
- SHA1
  
  8720535f95117dd95a9c5bbc0f2de00ffd635f23
- SHA256
  
  e94471c94c29062055f2fd7f44dada1b924f050a29787e76b4b13c385df2d6cc
- SHA512
  
  07187da45af1cb79d386318d5e95d439eb21c43f9fb574b7bb82f5f8d5915d6c9f5a4c08df40ef8428f4a1498c10714011508e212d61a37926db5475516a1501
- SSDEEP
  
  49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNeck:V8e8e8f8e8e8l
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rataspackv2warzonerat

behavioral1

discoverypersistence

behavioral2

discoverypersistence