warzonerat | 0324d1b34bebe7b77d1cfdc221044b791c2457f317856b8e2bd202ffc6ddae4e | Triage

Sharing

General

Target

0324d1b34bebe7b77d1cfdc221044b791c2457f317856b8e2bd202ffc6ddae4e.exe
Size

1.8MB
Sample

250108-bd5e9syqan
MD5

4d11511b93489744578eff259e3ac166
SHA1

ee585b07a14e535e3abc07550c5c6aaf6412fd50
SHA256

0324d1b34bebe7b77d1cfdc221044b791c2457f317856b8e2bd202ffc6ddae4e
SHA512

5775493e7c2ae93aa7772b60057cfbf75ae2c9c864f83da76269b9e3fdf7dabb76247300158256c9b5a553f37b00b6d3dea260adb1dc68874a7a44efbaa979e5
SSDEEP

12288:BUrjP8Xuc2UY0B8TIwDDMistJ6gicRzubSFJeOgTpBA7W2FeDSIGVH/KIDgDgUew:ujjSYIUDJ86giGTPQDbGV6eH81k0

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  0324d1b34bebe7b77d1cfdc221044b791c2457f317856b8e2bd202ffc6ddae4e.exe
- Size
  
  1.8MB
- MD5
  
  4d11511b93489744578eff259e3ac166
- SHA1
  
  ee585b07a14e535e3abc07550c5c6aaf6412fd50
- SHA256
  
  0324d1b34bebe7b77d1cfdc221044b791c2457f317856b8e2bd202ffc6ddae4e
- SHA512
  
  5775493e7c2ae93aa7772b60057cfbf75ae2c9c864f83da76269b9e3fdf7dabb76247300158256c9b5a553f37b00b6d3dea260adb1dc68874a7a44efbaa979e5
- SSDEEP
  
  12288:BUrjP8Xuc2UY0B8TIwDDMistJ6gicRzubSFJeOgTpBA7W2FeDSIGVH/KIDgDgUew:ujjSYIUDJ86giGTPQDbGV6eH81k0
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence