warzonerat | 8d98ba8e009dd512fa1bac6fcba7231ac23c3fa615dfc14052597a9a5c8c8b63 | Triage

Sharing

General

Target

8d98ba8e009dd512fa1bac6fcba7231ac23c3fa615dfc14052597a9a5c8c8b63.exe
Size

8.2MB
Sample

241203-ymgrws1lgx
MD5

49de115fdbf3e801dc7dde2f780ef2f3
SHA1

c8e34ea23b5309ccb11a132b2790165ebef5fb09
SHA256

8d98ba8e009dd512fa1bac6fcba7231ac23c3fa615dfc14052597a9a5c8c8b63
SHA512

446d8579c9c311651a896c55783fb0e8db5714e387b901b158551341fc83b49217a5bafae82a49d1fbc516ebbe8f14c4079a3c9fc30dd27c883fa890ede1b764
SSDEEP

49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecD:V8e8e8f8e8e8O

Score

10^/10

warzonerat aspackv2 discovery persistence rat

Malware Config

Targets

- Target
  
  8d98ba8e009dd512fa1bac6fcba7231ac23c3fa615dfc14052597a9a5c8c8b63.exe
- Size
  
  8.2MB
- MD5
  
  49de115fdbf3e801dc7dde2f780ef2f3
- SHA1
  
  c8e34ea23b5309ccb11a132b2790165ebef5fb09
- SHA256
  
  8d98ba8e009dd512fa1bac6fcba7231ac23c3fa615dfc14052597a9a5c8c8b63
- SHA512
  
  446d8579c9c311651a896c55783fb0e8db5714e387b901b158551341fc83b49217a5bafae82a49d1fbc516ebbe8f14c4079a3c9fc30dd27c883fa890ede1b764
- SSDEEP
  
  49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecD:V8e8e8f8e8e8O
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rataspackv2warzonerat

behavioral1

discoverypersistence

behavioral2

discoverypersistence