General
-
Target
e5f14779fb1c47108ab2e8288cd56235
-
Size
1.2MB
-
Sample
201214-s6mbydmsgn
-
MD5
e5f14779fb1c47108ab2e8288cd56235
-
SHA1
943b96da1a9fb209ae01f25e12f4da98ef86b263
-
SHA256
1c8e832240d54e5072e00bd6fb57df4f741a9e9527f4a0c148c434c147796fc3
-
SHA512
b77f4f23887389944a66f71ac56e309e4186ed2bd0665babc1b5b5acf76a2b7b88154482b3b6cde374a63e877a3a84d91760da9039f2026aea13c63b6019f469
Static task
static1
Behavioral task
behavioral1
Sample
e5f14779fb1c47108ab2e8288cd56235.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
e5f14779fb1c47108ab2e8288cd56235.exe
Resource
win10v20201028
Malware Config
Targets
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-