General
-
Target
b92cf7fabcd142154038649990ee9960
-
Size
1.2MB
-
Sample
201214-g5cqlzx8nj
-
MD5
b92cf7fabcd142154038649990ee9960
-
SHA1
9d6cf4c4386206744d90614f307142af43ffec43
-
SHA256
f69e92ecf6c4a263eb840bb1765cdb9995300485466543e1b791d32453c908ee
-
SHA512
1b34120f9b79779ce4fe39bddc5b182f609c77a2907cd2d2d5e16b119d03dd15adc97a7ff3baac2df6f001756ddbd74ac2dbaefda5c91c1b3a14a240f2ebb53e
Static task
static1
Behavioral task
behavioral1
Sample
b92cf7fabcd142154038649990ee9960.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
b92cf7fabcd142154038649990ee9960.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
b92cf7fabcd142154038649990ee9960
-
Size
1.2MB
-
MD5
b92cf7fabcd142154038649990ee9960
-
SHA1
9d6cf4c4386206744d90614f307142af43ffec43
-
SHA256
f69e92ecf6c4a263eb840bb1765cdb9995300485466543e1b791d32453c908ee
-
SHA512
1b34120f9b79779ce4fe39bddc5b182f609c77a2907cd2d2d5e16b119d03dd15adc97a7ff3baac2df6f001756ddbd74ac2dbaefda5c91c1b3a14a240f2ebb53e
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-