warzonerat | 51739d7e7aacf7246b9e8d893a7b979ef89ff53fc617fa75cef5ac40384772b7 | Triage

Sharing

General

Target

51739d7e7aacf7246b9e8d893a7b979ef89ff53fc617fa75cef5ac40384772b7.exe
Size

1.2MB
Sample

250117-g9tarswlak
MD5

182436d369e55ab640706f251d623292
SHA1

58dd70ab6be0eb568c472e478669188837ae5f7d
SHA256

51739d7e7aacf7246b9e8d893a7b979ef89ff53fc617fa75cef5ac40384772b7
SHA512

6d28120fb8ca7cba7631fc0963375d4a06157498fb4d93f2f64ba22fe20e67e0233dd09aa0cebc61649b90e374659dde34a4991ac7f832326b2abd1973db04a9
SSDEEP

12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11kw:OIbGD2JTu0GoZQDbGV6eH81kw

Score

10^/10

warzonerat aspackv2 discovery persistence rat

Malware Config

Targets

- Target
  
  51739d7e7aacf7246b9e8d893a7b979ef89ff53fc617fa75cef5ac40384772b7.exe
- Size
  
  1.2MB
- MD5
  
  182436d369e55ab640706f251d623292
- SHA1
  
  58dd70ab6be0eb568c472e478669188837ae5f7d
- SHA256
  
  51739d7e7aacf7246b9e8d893a7b979ef89ff53fc617fa75cef5ac40384772b7
- SHA512
  
  6d28120fb8ca7cba7631fc0963375d4a06157498fb4d93f2f64ba22fe20e67e0233dd09aa0cebc61649b90e374659dde34a4991ac7f832326b2abd1973db04a9
- SSDEEP
  
  12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11kw:OIbGD2JTu0GoZQDbGV6eH81kw
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rataspackv2warzonerat

behavioral1

discoverypersistence

behavioral2

discoverypersistence