warzonerat | c15ab484d2cd92f58d7b3fbfa68babd6bfc1946f62a71568c27c107268a332b6 | Triage

Sharing

General

Target

c15ab484d2cd92f58d7b3fbfa68babd6bfc1946f62a71568c27c107268a332b6.exe
Size

8.8MB
Sample

241210-j8dvsszqh1
MD5

9aee068d3fc82832556ee222f94ec7d1
SHA1

50dde7d338a3fd3ab6e6ef590efe742d1c3c3f48
SHA256

c15ab484d2cd92f58d7b3fbfa68babd6bfc1946f62a71568c27c107268a332b6
SHA512

f457c4de73632dd8cab64ae9996b2570250231a289de34d7cb55a63d4d0410a566a8a872af8e045287428d597ba8ea98fc469a13198963dc61d99730fad0b1ac
SSDEEP

49152:K1XP6rPbNechC0bNechC0bNecIC0bNechC0bNechC0bNecq:K1+8e8e8f8e8e8d

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  c15ab484d2cd92f58d7b3fbfa68babd6bfc1946f62a71568c27c107268a332b6.exe
- Size
  
  8.8MB
- MD5
  
  9aee068d3fc82832556ee222f94ec7d1
- SHA1
  
  50dde7d338a3fd3ab6e6ef590efe742d1c3c3f48
- SHA256
  
  c15ab484d2cd92f58d7b3fbfa68babd6bfc1946f62a71568c27c107268a332b6
- SHA512
  
  f457c4de73632dd8cab64ae9996b2570250231a289de34d7cb55a63d4d0410a566a8a872af8e045287428d597ba8ea98fc469a13198963dc61d99730fad0b1ac
- SSDEEP
  
  49152:K1XP6rPbNechC0bNechC0bNecIC0bNechC0bNechC0bNecq:K1+8e8e8f8e8e8d
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence