warzonerat | f6f02f06897e8fb0b250db37686aeb46660524f11214f65d84567e7fc984a095 | Triage

Sharing

General

Target

f6f02f06897e8fb0b250db37686aeb46660524f11214f65d84567e7fc984a095N.exe
Size

8.8MB
Sample

241210-pe8e7szpem
MD5

90ee21a1c0084f2ca5aad3e4e876da90
SHA1

d3020ef1a38352f85b70b545ccb98c59434c3740
SHA256

f6f02f06897e8fb0b250db37686aeb46660524f11214f65d84567e7fc984a095
SHA512

3b51557d50026d7babec01d0f467576dc67ea2768755815099a780fd434786189efee20e5e655aa81c4d2bf8e2dd5b9adaa00af071358fa237f6622f7fb53585
SSDEEP

49152:K1XP6rPbNechC0bNechC0bNecIC0bNechC0bNechC0bNece:K1+8e8e8f8e8e8/

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  f6f02f06897e8fb0b250db37686aeb46660524f11214f65d84567e7fc984a095N.exe
- Size
  
  8.8MB
- MD5
  
  90ee21a1c0084f2ca5aad3e4e876da90
- SHA1
  
  d3020ef1a38352f85b70b545ccb98c59434c3740
- SHA256
  
  f6f02f06897e8fb0b250db37686aeb46660524f11214f65d84567e7fc984a095
- SHA512
  
  3b51557d50026d7babec01d0f467576dc67ea2768755815099a780fd434786189efee20e5e655aa81c4d2bf8e2dd5b9adaa00af071358fa237f6622f7fb53585
- SSDEEP
  
  49152:K1XP6rPbNechC0bNechC0bNecIC0bNechC0bNechC0bNece:K1+8e8e8f8e8e8/
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence