warzonerat | ce7a54265cc95fefea56a2c1ba2ab25af36535ec4540ad97addd1791400f74e2 | Triage

Sharing

General

Target

ce7a54265cc95fefea56a2c1ba2ab25af36535ec4540ad97addd1791400f74e2.exe
Size

8.9MB
Sample

241217-3q76gatrgk
MD5

8d205469163f84b7226204f6848aa16c
SHA1

2bf3836fb5b50632677938ca6ab6f9e46c94501d
SHA256

ce7a54265cc95fefea56a2c1ba2ab25af36535ec4540ad97addd1791400f74e2
SHA512

bd4035a0ef21dd85af67e480515fa92d4a0c501c5c22d992a9c2a58deb2664629a30158d6cf679a86108c55ea2dc231a734cf4349b782a4f9ae43d6acafbb63f
SSDEEP

49152:K1XP6rPbNechC0bNechC0bNecIC0bNechC0bNechC0bNecU:K1+8e8e8f8e8e87

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  ce7a54265cc95fefea56a2c1ba2ab25af36535ec4540ad97addd1791400f74e2.exe
- Size
  
  8.9MB
- MD5
  
  8d205469163f84b7226204f6848aa16c
- SHA1
  
  2bf3836fb5b50632677938ca6ab6f9e46c94501d
- SHA256
  
  ce7a54265cc95fefea56a2c1ba2ab25af36535ec4540ad97addd1791400f74e2
- SHA512
  
  bd4035a0ef21dd85af67e480515fa92d4a0c501c5c22d992a9c2a58deb2664629a30158d6cf679a86108c55ea2dc231a734cf4349b782a4f9ae43d6acafbb63f
- SSDEEP
  
  49152:K1XP6rPbNechC0bNechC0bNecIC0bNechC0bNechC0bNecU:K1+8e8e8f8e8e87
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence