General
-
Target
8939f7bfa3b5c5afeeab65dc9958edda8dd67f0c1e54f75e9205f0eaf3f8adcd
-
Size
2.9MB
-
Sample
210228-dxrkad8lbx
-
MD5
bd7ae2c6444503777552e7a9d4e2bf2b
-
SHA1
426e1816bd7757d0f84a7c063b31ec6cd342af8c
-
SHA256
8939f7bfa3b5c5afeeab65dc9958edda8dd67f0c1e54f75e9205f0eaf3f8adcd
-
SHA512
2ef4f85b4d88fb334630fafcbd12e334f54efe31ce656f6a207987ae7d80bbd55dcbecf0d586e07fe6ac4bf83afd1b92de024ae9810b25d0f2420e751a381399
Static task
static1
Behavioral task
behavioral1
Sample
8939f7bfa3b5c5afeeab65dc9958edda8dd67f0c1e54f75e9205f0eaf3f8adcd.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
8939f7bfa3b5c5afeeab65dc9958edda8dd67f0c1e54f75e9205f0eaf3f8adcd.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
8939f7bfa3b5c5afeeab65dc9958edda8dd67f0c1e54f75e9205f0eaf3f8adcd
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-