warzonerat | 4014f5cc81efa01fe93d0649619bca895c823a185150edf702f72362c34f556d | Triage

Sharing

General

Target

4014f5cc81efa01fe93d0649619bca895c823a185150edf702f72362c34f556d.exe
Size

1.8MB
Sample

241218-f3yq8svmgx
MD5

a410f9d54f7d083ea19b9df657606035
SHA1

d9741c58ec4b518f86c3b6033204307b2bac6249
SHA256

4014f5cc81efa01fe93d0649619bca895c823a185150edf702f72362c34f556d
SHA512

a51d2c9dbb5781836dd5d9cce79f2bb587aa0847c1de0710bd61a789b988fccce5d33a0e4296c89102d1b25fc0ea4ad020dd173dd69896a3056723af5f06b085
SSDEEP

12288:BUrjP8Xuc2UY0B8TIwDDMistJ6gicRzubSFJeOgTpBA7W2FeDSIGVH/KIDgDgUek:ujjSYIUDJ86giGTPQDbGV6eH81k4

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  4014f5cc81efa01fe93d0649619bca895c823a185150edf702f72362c34f556d.exe
- Size
  
  1.8MB
- MD5
  
  a410f9d54f7d083ea19b9df657606035
- SHA1
  
  d9741c58ec4b518f86c3b6033204307b2bac6249
- SHA256
  
  4014f5cc81efa01fe93d0649619bca895c823a185150edf702f72362c34f556d
- SHA512
  
  a51d2c9dbb5781836dd5d9cce79f2bb587aa0847c1de0710bd61a789b988fccce5d33a0e4296c89102d1b25fc0ea4ad020dd173dd69896a3056723af5f06b085
- SSDEEP
  
  12288:BUrjP8Xuc2UY0B8TIwDDMistJ6gicRzubSFJeOgTpBA7W2FeDSIGVH/KIDgDgUek:ujjSYIUDJ86giGTPQDbGV6eH81k4
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence