warzonerat | 72cdf86b5077fb266a437cd47c222d012b6593d63ea2a7a9b1665de53880bb9a | Triage

Sharing

General

Target

72cdf86b5077fb266a437cd47c222d012b6593d63ea2a7a9b1665de53880bb9a.exe
Size

2.9MB
Sample

250101-xqxrvaynbv
MD5

83232e1725c6af902ba9e107fba53f76
SHA1

1a4a446c038f0f80a2633ad614b0f6ff8107dbd8
SHA256

72cdf86b5077fb266a437cd47c222d012b6593d63ea2a7a9b1665de53880bb9a
SHA512

017dfd1ca22ee933dc85b1b1f0e824bcbe89be8d576b819590d0c6803f5c04535076755c978486ffcf87bcbe4d21e0af67314e5b699090ac9f297820e5a57df5
SSDEEP

24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHc:7v97AXmw4gxeOw46fUbNecCCFbNecF

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  72cdf86b5077fb266a437cd47c222d012b6593d63ea2a7a9b1665de53880bb9a.exe
- Size
  
  2.9MB
- MD5
  
  83232e1725c6af902ba9e107fba53f76
- SHA1
  
  1a4a446c038f0f80a2633ad614b0f6ff8107dbd8
- SHA256
  
  72cdf86b5077fb266a437cd47c222d012b6593d63ea2a7a9b1665de53880bb9a
- SHA512
  
  017dfd1ca22ee933dc85b1b1f0e824bcbe89be8d576b819590d0c6803f5c04535076755c978486ffcf87bcbe4d21e0af67314e5b699090ac9f297820e5a57df5
- SSDEEP
  
  24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHc:7v97AXmw4gxeOw46fUbNecCCFbNecF
Score

7^/10

discovery persistence
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence