warzonerat | 29a632d200fd68cfdd4da333646c828fa3686b20077bf591f17eb55bb6e9cff3 | Triage

Sharing

General

Target

29a632d200fd68cfdd4da333646c828fa3686b20077bf591f17eb55bb6e9cff3.exe
Size

1.8MB
Sample

250102-eaqpgs1nh1
MD5

6811f2398096ef98b5a4847af5c5266a
SHA1

321fdb412606ed6cca766078cccaa2f0bdd00321
SHA256

29a632d200fd68cfdd4da333646c828fa3686b20077bf591f17eb55bb6e9cff3
SHA512

c38f2b35831c9aae11447cdbc1880a88204bd6b43b4a17d59fe056e906cf268fb875136f324a6e03e7325bf2341ac7abeaaf5ec0f0bac4a6e352f0f437ba0d76
SSDEEP

12288:BUrjP8Xuc2UY0B8TIwDDMistJ6gicRzubSFJeOgTpBA7W2FeDSIGVH/KIDgDgUeL:ujjSYIUDJ86giGTPQDbGV6eH81kv

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  29a632d200fd68cfdd4da333646c828fa3686b20077bf591f17eb55bb6e9cff3.exe
- Size
  
  1.8MB
- MD5
  
  6811f2398096ef98b5a4847af5c5266a
- SHA1
  
  321fdb412606ed6cca766078cccaa2f0bdd00321
- SHA256
  
  29a632d200fd68cfdd4da333646c828fa3686b20077bf591f17eb55bb6e9cff3
- SHA512
  
  c38f2b35831c9aae11447cdbc1880a88204bd6b43b4a17d59fe056e906cf268fb875136f324a6e03e7325bf2341ac7abeaaf5ec0f0bac4a6e352f0f437ba0d76
- SSDEEP
  
  12288:BUrjP8Xuc2UY0B8TIwDDMistJ6gicRzubSFJeOgTpBA7W2FeDSIGVH/KIDgDgUeL:ujjSYIUDJ86giGTPQDbGV6eH81kv
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence