warzonerat | 32942540c800457f0d61c7198ad1b771dd923a0f8d52754b6aedf15be746c359 | Triage

Sharing

General

Target

32942540c800457f0d61c7198ad1b771dd923a0f8d52754b6aedf15be746c359.exe
Size

1.8MB
Sample

241129-sjlzjswpgr
MD5

b124d138aa5c76733b83e804e61dbd24
SHA1

a9f5f6086fa674702eb0f3cab0e9973ea0f9d13c
SHA256

32942540c800457f0d61c7198ad1b771dd923a0f8d52754b6aedf15be746c359
SHA512

f66f084ff3578f8e374d1d337250c3e570b020ff3ca6210f4108786f77a0d7c9895a0aad0a5ace66e0eb54f138b8a72489a1b52d26eec38b8a1b0a455742be1c
SSDEEP

49152:unX5MP0bNeclxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxJ:upV8mxxxxxxxxxxxxxxxxxxxxxxxxxx7

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  32942540c800457f0d61c7198ad1b771dd923a0f8d52754b6aedf15be746c359.exe
- Size
  
  1.8MB
- MD5
  
  b124d138aa5c76733b83e804e61dbd24
- SHA1
  
  a9f5f6086fa674702eb0f3cab0e9973ea0f9d13c
- SHA256
  
  32942540c800457f0d61c7198ad1b771dd923a0f8d52754b6aedf15be746c359
- SHA512
  
  f66f084ff3578f8e374d1d337250c3e570b020ff3ca6210f4108786f77a0d7c9895a0aad0a5ace66e0eb54f138b8a72489a1b52d26eec38b8a1b0a455742be1c
- SSDEEP
  
  49152:unX5MP0bNeclxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxJ:upV8mxxxxxxxxxxxxxxxxxxxxxxxxxx7
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence