warzonerat | 4860eaf33ade5a14ebbec5344133e49b87e42bbae45ca405e46347702c16190d | Triage

Sharing

General

Target

4860eaf33ade5a14ebbec5344133e49b87e42bbae45ca405e46347702c16190d.exe
Size

1.8MB
Sample

250116-cmdjksxmfm
MD5

0d2e1637c037942ea711ea251eb426de
SHA1

2d8148cc1b60342b4a31faef7c8af1fc90582695
SHA256

4860eaf33ade5a14ebbec5344133e49b87e42bbae45ca405e46347702c16190d
SHA512

7f5f612b7c694c7a07208b7785f787f8f311d993b88e2f5e06020c3fbf6f418b2fa71b5ff771f285671d12cfa7c448dd0a32323845d82b7005ca9e45f051f39c
SSDEEP

12288:i254f/VAuj79umm3xR0lq+X6kOyeXiYxewRJBWW59qA7W2FeDSIGVH/KIDgDgUed:x+D9uVMpjOyerrFQDbGV6eH81kp

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  4860eaf33ade5a14ebbec5344133e49b87e42bbae45ca405e46347702c16190d.exe
- Size
  
  1.8MB
- MD5
  
  0d2e1637c037942ea711ea251eb426de
- SHA1
  
  2d8148cc1b60342b4a31faef7c8af1fc90582695
- SHA256
  
  4860eaf33ade5a14ebbec5344133e49b87e42bbae45ca405e46347702c16190d
- SHA512
  
  7f5f612b7c694c7a07208b7785f787f8f311d993b88e2f5e06020c3fbf6f418b2fa71b5ff771f285671d12cfa7c448dd0a32323845d82b7005ca9e45f051f39c
- SSDEEP
  
  12288:i254f/VAuj79umm3xR0lq+X6kOyeXiYxewRJBWW59qA7W2FeDSIGVH/KIDgDgUed:x+D9uVMpjOyerrFQDbGV6eH81kp
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence