warzonerat | e9ce3b1bfcfe1a83dc74637b69b0b7205d058a9b870cce008034fb3035330cd6 | Triage

Sharing

General

Target

e9ce3b1bfcfe1a83dc74637b69b0b7205d058a9b870cce008034fb3035330cd6.exe
Size

8.9MB
Sample

241222-l7je1atpaw
MD5

cddda85a6a9d2cb4a6864fe7dc9205ab
SHA1

626c78f3d0fb3fef719bce777c390ed1a749cb17
SHA256

e9ce3b1bfcfe1a83dc74637b69b0b7205d058a9b870cce008034fb3035330cd6
SHA512

22eade74861eef9261f13c4418e11a568fdfb5317f07fd28c709c772b5aee1317599a45565650cc98795bb02a9a1865e65a2196af83f9404c3fc4f5886ac2722
SSDEEP

49152:K1XP6rPbNechC0bNechC0bNecIC0bNechC0bNechC0bNece:K1+8e8e8f8e8e8p

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  e9ce3b1bfcfe1a83dc74637b69b0b7205d058a9b870cce008034fb3035330cd6.exe
- Size
  
  8.9MB
- MD5
  
  cddda85a6a9d2cb4a6864fe7dc9205ab
- SHA1
  
  626c78f3d0fb3fef719bce777c390ed1a749cb17
- SHA256
  
  e9ce3b1bfcfe1a83dc74637b69b0b7205d058a9b870cce008034fb3035330cd6
- SHA512
  
  22eade74861eef9261f13c4418e11a568fdfb5317f07fd28c709c772b5aee1317599a45565650cc98795bb02a9a1865e65a2196af83f9404c3fc4f5886ac2722
- SSDEEP
  
  49152:K1XP6rPbNechC0bNechC0bNecIC0bNechC0bNechC0bNece:K1+8e8e8f8e8e8p
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence