warzonerat | ec1e2ba978700c66e6fb4df6533559ea07c40f655b603c452ebf75773ec3f01f | Triage

Sharing

General

Target

ec1e2ba978700c66e6fb4df6533559ea07c40f655b603c452ebf75773ec3f01f.exe
Size

8.2MB
Sample

241201-yagw5atren
MD5

c988089839aac095b69ecb3f3a9e880c
SHA1

0b4325177d678ee13398646bff44a91f59c3b49c
SHA256

ec1e2ba978700c66e6fb4df6533559ea07c40f655b603c452ebf75773ec3f01f
SHA512

0a0eebbd285242de85381eaea6ad8fb05bdae64ee06a0ad9ff1e62920730d8bbb9be58eb2ee68082951a72ecd640b4ebe7d97ec7a9512a2ec63d0d2f7fcf0dba
SSDEEP

49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecz:V8e8e8f8e8e80

Score

10^/10

warzonerat aspackv2 discovery persistence rat

Malware Config

Targets

- Target
  
  ec1e2ba978700c66e6fb4df6533559ea07c40f655b603c452ebf75773ec3f01f.exe
- Size
  
  8.2MB
- MD5
  
  c988089839aac095b69ecb3f3a9e880c
- SHA1
  
  0b4325177d678ee13398646bff44a91f59c3b49c
- SHA256
  
  ec1e2ba978700c66e6fb4df6533559ea07c40f655b603c452ebf75773ec3f01f
- SHA512
  
  0a0eebbd285242de85381eaea6ad8fb05bdae64ee06a0ad9ff1e62920730d8bbb9be58eb2ee68082951a72ecd640b4ebe7d97ec7a9512a2ec63d0d2f7fcf0dba
- SSDEEP
  
  49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecz:V8e8e8f8e8e80
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rataspackv2warzonerat

behavioral1

discoverypersistence

behavioral2

discoverypersistence