warzonerat | e1d9836ed17d43639101196df7afffb8854ebd5a08016893de0e68af0d06b79c | Triage

Sharing

General

Target

e1d9836ed17d43639101196df7afffb8854ebd5a08016893de0e68af0d06b79c.exe
Size

2.9MB
Sample

241202-tda6jawpfl
MD5

f69d79afc34af3c5b8a7479553f66e7c
SHA1

7c131853197400eebfff02a4372c63183c70d72e
SHA256

e1d9836ed17d43639101196df7afffb8854ebd5a08016893de0e68af0d06b79c
SHA512

1f2f323bf5d73b660d2e5d97eade51e70143096c4dd427807dbc67ae71c4e157fecbc4bbdfd23ee690bd27ef85a3992a8c583f70e0cc3fb79bf4767c9cff1e45
SSDEEP

24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHD:7v97AXmw4gxeOw46fUbNecCCFbNec0

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  e1d9836ed17d43639101196df7afffb8854ebd5a08016893de0e68af0d06b79c.exe
- Size
  
  2.9MB
- MD5
  
  f69d79afc34af3c5b8a7479553f66e7c
- SHA1
  
  7c131853197400eebfff02a4372c63183c70d72e
- SHA256
  
  e1d9836ed17d43639101196df7afffb8854ebd5a08016893de0e68af0d06b79c
- SHA512
  
  1f2f323bf5d73b660d2e5d97eade51e70143096c4dd427807dbc67ae71c4e157fecbc4bbdfd23ee690bd27ef85a3992a8c583f70e0cc3fb79bf4767c9cff1e45
- SSDEEP
  
  24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHD:7v97AXmw4gxeOw46fUbNecCCFbNec0
Score

7^/10

discovery persistence
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence