warzonerat | a8a88d21f58a3154e7d2515e46ae86f679f7d7f7e5955ceff07a6112cac4a6f1 | Triage

Sharing

General

Target

a8a88d21f58a3154e7d2515e46ae86f679f7d7f7e5955ceff07a6112cac4a6f1
Size

8.2MB
Sample

250311-d4a1fszjw3
MD5

4592cbdcfccc914f8aa9ecd8d8a8a490
SHA1

f21a0b0eceede77610cb531aa12ff6a16f54c80e
SHA256

a8a88d21f58a3154e7d2515e46ae86f679f7d7f7e5955ceff07a6112cac4a6f1
SHA512

109b6ef0eb885f3b6e0ed3fd49f11861a1a171ae70f3b361e142c2cdee9e0823f13d28673209c26213c733f20515329afe516d43187b04180b6e25e6e3fe916c
SSDEEP

49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecU:V8e8e8f8e8e89

Score

10^/10

warzonerat aspackv2 discovery persistence rat

Malware Config

Targets

- Target
  
  a8a88d21f58a3154e7d2515e46ae86f679f7d7f7e5955ceff07a6112cac4a6f1
- Size
  
  8.2MB
- MD5
  
  4592cbdcfccc914f8aa9ecd8d8a8a490
- SHA1
  
  f21a0b0eceede77610cb531aa12ff6a16f54c80e
- SHA256
  
  a8a88d21f58a3154e7d2515e46ae86f679f7d7f7e5955ceff07a6112cac4a6f1
- SHA512
  
  109b6ef0eb885f3b6e0ed3fd49f11861a1a171ae70f3b361e142c2cdee9e0823f13d28673209c26213c733f20515329afe516d43187b04180b6e25e6e3fe916c
- SSDEEP
  
  49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecU:V8e8e8f8e8e89
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rataspackv2warzonerat

behavioral1

discoverypersistence

behavioral2

discoverypersistence