General
Target
69ee759f52c353add075c24cf5e998b31cd2386f66a9c91f6f876eb636c54ee5
Size
2.9MB
Sample
210228-5yyt7zf4ex
MD5
bae582e3781b693c05fb1a65d7496500
SHA1
1a38ec721cc0b688564e0281282f07551a660fc0
SHA256
69ee759f52c353add075c24cf5e998b31cd2386f66a9c91f6f876eb636c54ee5
SHA512
ec015852a100dda336d2785490ca18619baa692200ca940950500829a802f9205706c7e89b02a2c43294e525ca29065c6d3f19a40d80546f25ca65c152974371
Static task
static1
Behavioral task
behavioral1
Sample
69ee759f52c353add075c24cf5e998b31cd2386f66a9c91f6f876eb636c54ee5.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
69ee759f52c353add075c24cf5e998b31cd2386f66a9c91f6f876eb636c54ee5.exe
Resource
win10v20201028
Malware Config
Targets
Modifies WinLogon for persistence
Modifies visibility of hidden/system files in Explorer
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Executes dropped EXE
Modifies Installed Components in the registry
Drops startup file
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext