General
-
Target
b6d62e7d1c498e90840ce16fee03ec30e10ac218b9836a0e163a3f405b240766
-
Size
2.9MB
-
Sample
210228-jcm6bhvd2x
-
MD5
8c71da2557b1249d9622ea73292a1e36
-
SHA1
e04f8c77829e8e20e0e40ac7111a48a4cb271699
-
SHA256
b6d62e7d1c498e90840ce16fee03ec30e10ac218b9836a0e163a3f405b240766
-
SHA512
665d8a5a307f4cb981fda8d974ec3c3d1eaf8ffab4f00bb066950da1ac16f348da8e3c1656e6a8117e6ee1fc5cc375b1e587deddea16ccd8fc3fd32ee776936b
Static task
static1
Behavioral task
behavioral1
Sample
b6d62e7d1c498e90840ce16fee03ec30e10ac218b9836a0e163a3f405b240766.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
b6d62e7d1c498e90840ce16fee03ec30e10ac218b9836a0e163a3f405b240766.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
b6d62e7d1c498e90840ce16fee03ec30e10ac218b9836a0e163a3f405b240766
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-