warzonerat | 2f9a7106544b092f22e38783db9c59119e46a7819e2998c8db648803d07538eb | Triage

Sharing

General

Target

2f9a7106544b092f22e38783db9c59119e46a7819e2998c8db648803d07538eb.exe
Size

8.2MB
Sample

241204-bf4xhstmdv
MD5

568982ff0b3af0e3171572ae30fe66af
SHA1

3f125efee6c7b91e0ae3570b6b0db3976fd3c5fd
SHA256

2f9a7106544b092f22e38783db9c59119e46a7819e2998c8db648803d07538eb
SHA512

2d3a56d60139842c9db3b15be23cef9b113879316cbc7178a52604f5fb4ec70b13a596253f5e6db337dac2d152a4de7470b325d0b098565a5b9f9efc409012d2
SSDEEP

49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecJ:V8e8e8f8e8e8a

Score

10^/10

warzonerat aspackv2 discovery persistence rat

Malware Config

Targets

- Target
  
  2f9a7106544b092f22e38783db9c59119e46a7819e2998c8db648803d07538eb.exe
- Size
  
  8.2MB
- MD5
  
  568982ff0b3af0e3171572ae30fe66af
- SHA1
  
  3f125efee6c7b91e0ae3570b6b0db3976fd3c5fd
- SHA256
  
  2f9a7106544b092f22e38783db9c59119e46a7819e2998c8db648803d07538eb
- SHA512
  
  2d3a56d60139842c9db3b15be23cef9b113879316cbc7178a52604f5fb4ec70b13a596253f5e6db337dac2d152a4de7470b325d0b098565a5b9f9efc409012d2
- SSDEEP
  
  49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecJ:V8e8e8f8e8e8a
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rataspackv2warzonerat

behavioral1

discoverypersistence

behavioral2

discoverypersistence