warzonerat | 6d55651a8c3cfcb976c32db9ba6e65f439df32799a0fc61a9d4369fa4c93e9e7 | Triage

Sharing

General

Target

6d55651a8c3cfcb976c32db9ba6e65f439df32799a0fc61a9d4369fa4c93e9e7.exe
Size

1.8MB
Sample

250101-s8kssatmcq
MD5

a2f35a463e376e65b71e2c09b76459b1
SHA1

2435c0adbc008fe90dcc4f258fe475e282e10c78
SHA256

6d55651a8c3cfcb976c32db9ba6e65f439df32799a0fc61a9d4369fa4c93e9e7
SHA512

dd1f8e9f57890d31e2dcd3f9cd69c4db953cafa7707651a53aedeccaef9dd2e07f033b022532be1c2ee0e3023bcb9ce496c0e31a3ce087cc3e11e72c7dfcb404
SSDEEP

12288:BUrjP8Xuc2UY0B8TIwDDMistJ6gicRzubSFJeOgTpBA7W2FeDSIGVH/KIDgDgUe/:ujjSYIUDJ86giGTPQDbGV6eH81kj

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  6d55651a8c3cfcb976c32db9ba6e65f439df32799a0fc61a9d4369fa4c93e9e7.exe
- Size
  
  1.8MB
- MD5
  
  a2f35a463e376e65b71e2c09b76459b1
- SHA1
  
  2435c0adbc008fe90dcc4f258fe475e282e10c78
- SHA256
  
  6d55651a8c3cfcb976c32db9ba6e65f439df32799a0fc61a9d4369fa4c93e9e7
- SHA512
  
  dd1f8e9f57890d31e2dcd3f9cd69c4db953cafa7707651a53aedeccaef9dd2e07f033b022532be1c2ee0e3023bcb9ce496c0e31a3ce087cc3e11e72c7dfcb404
- SSDEEP
  
  12288:BUrjP8Xuc2UY0B8TIwDDMistJ6gicRzubSFJeOgTpBA7W2FeDSIGVH/KIDgDgUe/:ujjSYIUDJ86giGTPQDbGV6eH81kj
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence