warzonerat | feac25fd622345bfc8aa98032355019e72bbf6babe1d1d724c7b6e8b058b7633 | Triage

Sharing

General

Target

feac25fd622345bfc8aa98032355019e72bbf6babe1d1d724c7b6e8b058b7633.exe
Size

8.9MB
Sample

241219-njsd4ssphj
MD5

6b5cca3d1d3ff3c04f29e48b5aca6dff
SHA1

199d12a23d717e7769d445a0f3e618317c06115e
SHA256

feac25fd622345bfc8aa98032355019e72bbf6babe1d1d724c7b6e8b058b7633
SHA512

564f22c2c01377ab4752d3d3a60c8b9b84c524f5bbeb879d87a91839dd597d1f391f3a5f53e0f5cc62d19ad365a08bb4bf07cc266fb6c5f740db087f95e7e503
SSDEEP

49152:K1XP6rPbNechC0bNechC0bNecIC0bNechC0bNechC0bNecE:K1+8e8e8f8e8e8p

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  feac25fd622345bfc8aa98032355019e72bbf6babe1d1d724c7b6e8b058b7633.exe
- Size
  
  8.9MB
- MD5
  
  6b5cca3d1d3ff3c04f29e48b5aca6dff
- SHA1
  
  199d12a23d717e7769d445a0f3e618317c06115e
- SHA256
  
  feac25fd622345bfc8aa98032355019e72bbf6babe1d1d724c7b6e8b058b7633
- SHA512
  
  564f22c2c01377ab4752d3d3a60c8b9b84c524f5bbeb879d87a91839dd597d1f391f3a5f53e0f5cc62d19ad365a08bb4bf07cc266fb6c5f740db087f95e7e503
- SSDEEP
  
  49152:K1XP6rPbNechC0bNechC0bNecIC0bNechC0bNechC0bNecE:K1+8e8e8f8e8e8p
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence