General
Target
3484c5363c5cec57c35318fd0ff2b306341998cf6b0277681e5131bd54c7443c
Size
6.1MB
Sample
210228-avd2dgfz1a
MD5
b9a347ae47fc218b9d581d28cfdf2f02
SHA1
c5228f361b273aae8dbcead1a614be678402c446
SHA256
3484c5363c5cec57c35318fd0ff2b306341998cf6b0277681e5131bd54c7443c
SHA512
7ce6c11bef261392e5ec35037bc6c0c276aee2ef7c2193e9971eab29abd8b32e2ca3093d1ce1a4f0f26a8b14c43e9dbd5cd9ec03640dd0bc848d292363ab9dc0
Static task
static1
Behavioral task
behavioral1
Sample
3484c5363c5cec57c35318fd0ff2b306341998cf6b0277681e5131bd54c7443c.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
3484c5363c5cec57c35318fd0ff2b306341998cf6b0277681e5131bd54c7443c.exe
Resource
win10v20201028
Malware Config
Targets
Target
3484c5363c5cec57c35318fd0ff2b306341998cf6b0277681e5131bd54c7443c
Modifies WinLogon for persistence
Modifies visibility of hidden/system files in Explorer
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Executes dropped EXE
Modifies Installed Components in the registry
Drops startup file
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext