warzonerat | c07be2b5e5604b11709f1ce9c1cd96ff72eb6766b92d62ac7b06fd5dc7acb0f4 | Triage

Sharing

General

Target

c07be2b5e5604b11709f1ce9c1cd96ff72eb6766b92d62ac7b06fd5dc7acb0f4.exe
Size

2.9MB
Sample

250116-pamypszqhk
MD5

a1e8eb6743607744b0d9ac04d8de1df3
SHA1

e7d267001e8a8dabe9cb5dedf7fee6a723839dfa
SHA256

c07be2b5e5604b11709f1ce9c1cd96ff72eb6766b92d62ac7b06fd5dc7acb0f4
SHA512

97ef5e8f261e78abdb206c05cef4c9e15c44535c681d4f223232192b643c1d47ddefc57d82e3f815428b64373e02a335b52b47f7240675a7f4f2cce6a4812560
SSDEEP

24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHz:7v97AXmw4gxeOw46fUbNecCCFbNecg

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  c07be2b5e5604b11709f1ce9c1cd96ff72eb6766b92d62ac7b06fd5dc7acb0f4.exe
- Size
  
  2.9MB
- MD5
  
  a1e8eb6743607744b0d9ac04d8de1df3
- SHA1
  
  e7d267001e8a8dabe9cb5dedf7fee6a723839dfa
- SHA256
  
  c07be2b5e5604b11709f1ce9c1cd96ff72eb6766b92d62ac7b06fd5dc7acb0f4
- SHA512
  
  97ef5e8f261e78abdb206c05cef4c9e15c44535c681d4f223232192b643c1d47ddefc57d82e3f815428b64373e02a335b52b47f7240675a7f4f2cce6a4812560
- SSDEEP
  
  24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHz:7v97AXmw4gxeOw46fUbNecCCFbNecg
Score

7^/10

discovery persistence
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence