warzonerat | f416c3db491954766fa20796806ed2d3d6827d6744c547beac7c33d6666094d3 | Triage

Sharing

General

Target

f416c3db491954766fa20796806ed2d3d6827d6744c547beac7c33d6666094d3.exe
Size

2.9MB
Sample

241206-k5gmyszncy
MD5

8208f66cde069f40e891527615147ffc
SHA1

fdb5489ee6610e1dfd1611b28f0ead65eb4fba73
SHA256

f416c3db491954766fa20796806ed2d3d6827d6744c547beac7c33d6666094d3
SHA512

4193c19cd7b348cb9e5e5b176a1f662fa59bc74dd5910de3e973917a7b0ba72f147a6481a38cf45d14c6fcc1b53115a09107ecb0b9b57e86816cc33537eb4896
SSDEEP

24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHV:7v97AXmw4gxeOw46fUbNecCCFbNecA

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  f416c3db491954766fa20796806ed2d3d6827d6744c547beac7c33d6666094d3.exe
- Size
  
  2.9MB
- MD5
  
  8208f66cde069f40e891527615147ffc
- SHA1
  
  fdb5489ee6610e1dfd1611b28f0ead65eb4fba73
- SHA256
  
  f416c3db491954766fa20796806ed2d3d6827d6744c547beac7c33d6666094d3
- SHA512
  
  4193c19cd7b348cb9e5e5b176a1f662fa59bc74dd5910de3e973917a7b0ba72f147a6481a38cf45d14c6fcc1b53115a09107ecb0b9b57e86816cc33537eb4896
- SSDEEP
  
  24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHV:7v97AXmw4gxeOw46fUbNecCCFbNecA
Score

7^/10

discovery persistence
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence