General
-
Target
e91357a97e614e2d7dc5a07046057741bc0e6c5ec791a80373e3730542728071
-
Size
2.9MB
-
Sample
210228-c8jf94fmpe
-
MD5
b861134b7d7740afe1fd8c260a156660
-
SHA1
52f46a0170de2b9cfc9e22c2022cc8c8d70cbfb8
-
SHA256
e91357a97e614e2d7dc5a07046057741bc0e6c5ec791a80373e3730542728071
-
SHA512
57136622c0905129a919feca202a26b5ce5f7a7cde856fde25be65cd9fc31dbf3d1bd17d91f92ff4340a55085c9259027587d26fb201bd905416efb8b4953ec9
Static task
static1
Behavioral task
behavioral1
Sample
e91357a97e614e2d7dc5a07046057741bc0e6c5ec791a80373e3730542728071.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
e91357a97e614e2d7dc5a07046057741bc0e6c5ec791a80373e3730542728071.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
e91357a97e614e2d7dc5a07046057741bc0e6c5ec791a80373e3730542728071
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-