warzonerat | 8e7b05fcbcc706640e27b69e5aa18bfb2438cae6331a40ba404a3867d04737ae | Triage

Sharing

General

Target

8e7b05fcbcc706640e27b69e5aa18bfb2438cae6331a40ba404a3867d04737ae.exe
Size

1.8MB
Sample

250116-lfgr4atmht
MD5

18e5256bd3f678eb321eca574d62ce99
SHA1

fb706a25d90d97193e235110d0caceed2a23bb76
SHA256

8e7b05fcbcc706640e27b69e5aa18bfb2438cae6331a40ba404a3867d04737ae
SHA512

4f7d4c2abaf949edeccce64ea57c417f38386bc5819c47255a1fe0196ab0526b14182bcc3aabfee4ac1a5fa5a5d92af5fff1508b612442abec22ee96c215a427
SSDEEP

12288:Q99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSG9dA7W2FeDSIGVH/KIDgG:k1gg4CppEI6GGfWDkMQDbGV6eH8tk/

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  8e7b05fcbcc706640e27b69e5aa18bfb2438cae6331a40ba404a3867d04737ae.exe
- Size
  
  1.8MB
- MD5
  
  18e5256bd3f678eb321eca574d62ce99
- SHA1
  
  fb706a25d90d97193e235110d0caceed2a23bb76
- SHA256
  
  8e7b05fcbcc706640e27b69e5aa18bfb2438cae6331a40ba404a3867d04737ae
- SHA512
  
  4f7d4c2abaf949edeccce64ea57c417f38386bc5819c47255a1fe0196ab0526b14182bcc3aabfee4ac1a5fa5a5d92af5fff1508b612442abec22ee96c215a427
- SSDEEP
  
  12288:Q99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSG9dA7W2FeDSIGVH/KIDgG:k1gg4CppEI6GGfWDkMQDbGV6eH8tk/
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence