warzonerat | 623a322a3781c61a0275e1f6a0cbefeb5994d10899ecc21652602465def52b69 | Triage

Sharing

General

Target

623a322a3781c61a0275e1f6a0cbefeb5994d10899ecc21652602465def52b69.exe
Size

6.4MB
Sample

241128-bk7h7symht
MD5

8f54c23c3e99df42fd8c751bc1cd4b17
SHA1

fc99721a7d5286bb3f95e5e43ae1065b6152e632
SHA256

623a322a3781c61a0275e1f6a0cbefeb5994d10899ecc21652602465def52b69
SHA512

f9da8ddb09dc27bcdfbe6107a284092f412c3776d5dc311f5fccf9bf03439d6ceaba3eded590866eea9ab7c718325f8e022993ddd1fd1a8b6c95a6381109372e
SSDEEP

49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechCL:V8e8e8f8e87

Score

10^/10

warzonerat aspackv2 discovery persistence rat

Malware Config

Targets

- Target
  
  623a322a3781c61a0275e1f6a0cbefeb5994d10899ecc21652602465def52b69.exe
- Size
  
  6.4MB
- MD5
  
  8f54c23c3e99df42fd8c751bc1cd4b17
- SHA1
  
  fc99721a7d5286bb3f95e5e43ae1065b6152e632
- SHA256
  
  623a322a3781c61a0275e1f6a0cbefeb5994d10899ecc21652602465def52b69
- SHA512
  
  f9da8ddb09dc27bcdfbe6107a284092f412c3776d5dc311f5fccf9bf03439d6ceaba3eded590866eea9ab7c718325f8e022993ddd1fd1a8b6c95a6381109372e
- SSDEEP
  
  49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechCL:V8e8e8f8e87
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rataspackv2warzonerat

behavioral1

discoverypersistence

behavioral2

discoverypersistence