warzonerat | a6d006f96984a257f9d3d27b5093b301b44fac3a4bdedab18fae8e62d1835fd9 | Triage

Sharing

General

Target

a6d006f96984a257f9d3d27b5093b301b44fac3a4bdedab18fae8e62d1835fd9.exe
Size

1.8MB
Sample

250116-s186eaxjfz
MD5

8be43f771ffbe8ff3bf7e384df3f562d
SHA1

58038e50fc243cba6708efb07946ed478e2ca74a
SHA256

a6d006f96984a257f9d3d27b5093b301b44fac3a4bdedab18fae8e62d1835fd9
SHA512

5c3223bfff788026b8e4d05f3b80af84282ad9c9968fdeafad71e79f2159fc76bb8c10cc1d96c738aca49f0bfeeaa589697bc19e61acd56c82d84d01a674062b
SSDEEP

12288:BUrjP8Xuc2UY0B8TIwDDMistJ6gicRzubSFJeOgTpBA7W2FeDSIGVH/KIDgDgUeS:ujjSYIUDJ86giGTPQDbGV6eH81k+

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  a6d006f96984a257f9d3d27b5093b301b44fac3a4bdedab18fae8e62d1835fd9.exe
- Size
  
  1.8MB
- MD5
  
  8be43f771ffbe8ff3bf7e384df3f562d
- SHA1
  
  58038e50fc243cba6708efb07946ed478e2ca74a
- SHA256
  
  a6d006f96984a257f9d3d27b5093b301b44fac3a4bdedab18fae8e62d1835fd9
- SHA512
  
  5c3223bfff788026b8e4d05f3b80af84282ad9c9968fdeafad71e79f2159fc76bb8c10cc1d96c738aca49f0bfeeaa589697bc19e61acd56c82d84d01a674062b
- SSDEEP
  
  12288:BUrjP8Xuc2UY0B8TIwDDMistJ6gicRzubSFJeOgTpBA7W2FeDSIGVH/KIDgDgUeS:ujjSYIUDJ86giGTPQDbGV6eH81k+
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence