warzonerat | 3876f2c2f76fbce3e169840009d749f36245f9c4cd014a57e97c8ab605069002 | Triage

Sharing

General

Target

3876f2c2f76fbce3e169840009d749f36245f9c4cd014a57e97c8ab605069002.exe
Size

1.8MB
Sample

250123-hvx6vazkck
MD5

4819b2e132f7684036021bfb67924bf4
SHA1

ee7ce7aed0de8d89d48e63ad4ed4cee75fb77446
SHA256

3876f2c2f76fbce3e169840009d749f36245f9c4cd014a57e97c8ab605069002
SHA512

e429b884290728dea5c70420ac81962a5eda29337adecd86b1b506f2c3b92af8b7626f2259db265aab86691d52963fe1be7edf05232f3de7603de52b354ae9e3
SSDEEP

12288:Q99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSG9dA7W2FeDSIGVH/KIDgc:k1gg4CppEI6GGfWDkMQDbGV6eH8tkP

Score

10^/10

warzonerat discovery persistence rat

Malware Config

Targets

- Target
  
  3876f2c2f76fbce3e169840009d749f36245f9c4cd014a57e97c8ab605069002.exe
- Size
  
  1.8MB
- MD5
  
  4819b2e132f7684036021bfb67924bf4
- SHA1
  
  ee7ce7aed0de8d89d48e63ad4ed4cee75fb77446
- SHA256
  
  3876f2c2f76fbce3e169840009d749f36245f9c4cd014a57e97c8ab605069002
- SHA512
  
  e429b884290728dea5c70420ac81962a5eda29337adecd86b1b506f2c3b92af8b7626f2259db265aab86691d52963fe1be7edf05232f3de7603de52b354ae9e3
- SSDEEP
  
  12288:Q99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSG9dA7W2FeDSIGVH/KIDgc:k1gg4CppEI6GGfWDkMQDbGV6eH8tkP
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence