warzonerat | 51bbfb3336012efa542943bc94963cea7f7a173b17f30817de3d0e6493015c42 | Triage

Sharing

General

Target

51bbfb3336012efa542943bc94963cea7f7a173b17f30817de3d0e6493015c42.exe
Size

8.2MB
Sample

241204-gedxlatrfx
MD5

7cb4864232cd5461fc077f4fa41264fe
SHA1

a8543dd543b2f25d1cd42ecd1af83b1da436ddcf
SHA256

51bbfb3336012efa542943bc94963cea7f7a173b17f30817de3d0e6493015c42
SHA512

7c297f4307684dc147acc02688a6e25c885013873e0270cb2fa126edf6a0b150a626129f42567f09d5e70932e0758e7f21338b234dfe3aa5af1a60cfd90cb2cf
SSDEEP

49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecs:V8e8e8f8e8e8F

Score

10^/10

warzonerat aspackv2 discovery persistence rat

Malware Config

Targets

- Target
  
  51bbfb3336012efa542943bc94963cea7f7a173b17f30817de3d0e6493015c42.exe
- Size
  
  8.2MB
- MD5
  
  7cb4864232cd5461fc077f4fa41264fe
- SHA1
  
  a8543dd543b2f25d1cd42ecd1af83b1da436ddcf
- SHA256
  
  51bbfb3336012efa542943bc94963cea7f7a173b17f30817de3d0e6493015c42
- SHA512
  
  7c297f4307684dc147acc02688a6e25c885013873e0270cb2fa126edf6a0b150a626129f42567f09d5e70932e0758e7f21338b234dfe3aa5af1a60cfd90cb2cf
- SSDEEP
  
  49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecs:V8e8e8f8e8e8F
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rataspackv2warzonerat

behavioral1

discoverypersistence

behavioral2

discoverypersistence