General
-
Target
dd01ecef92ab63710bb4f56150e2ad071b6c950118e9244d7337ce8703796ca0
-
Size
2.9MB
-
Sample
210228-fvr9dc9w46
-
MD5
be8f97d975676b8ce95fba84487c59de
-
SHA1
0231f7e116fd4d509eed536dae6fdb1211d0340c
-
SHA256
dd01ecef92ab63710bb4f56150e2ad071b6c950118e9244d7337ce8703796ca0
-
SHA512
e064e0b0cd0dfde0a5e2a791adfaa1fb87e7ad4d269592665c3b1f9667eff05ebe0935a9d5153299f084c9597a03038e562eb1f00efd5272bceab9e4532e5f4b
Static task
static1
Behavioral task
behavioral1
Sample
dd01ecef92ab63710bb4f56150e2ad071b6c950118e9244d7337ce8703796ca0.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
dd01ecef92ab63710bb4f56150e2ad071b6c950118e9244d7337ce8703796ca0.exe
Resource
win10v20201028
Malware Config
Targets
-
Target
dd01ecef92ab63710bb4f56150e2ad071b6c950118e9244d7337ce8703796ca0
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT Payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-