General
Target: b170f274bac39da4a56ace442a306953d2b2eb143df19bffa1f8925be3263faa
Size: 2.9MB
Sample: 210228-psz3b6zf16
MD5: bcc178edc5b5bccccf601e9806d7c742
SHA1: 5c707539f67f1260e8b411213d77e3acd15e4458
SHA256: b170f274bac39da4a56ace442a306953d2b2eb143df19bffa1f8925be3263faa
SHA512: e59d7e8cbfee8feb8d942535f1b7b6c744f3f17aac0e6d6aaf2a471611850ef908c50e934a62e60693c350fbb6bcc5557bba14c409962d26b42f0eb6ed825fc0
Static task: static1
Behavioral task: behavioral1
Sample: b170f274bac39da4a56ace442a306953d2b2eb143df19bffa1f8925be3263faa.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: b170f274bac39da4a56ace442a306953d2b2eb143df19bffa1f8925be3263faa.exe
Resource: win10v20201028
Malware Config
Targets
Target: b170f274bac39da4a56ace442a306953d2b2eb143df19bffa1f8925be3263faa
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT Payload
- Executes dropped EXE
- Modifies Installed Components in the registry
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext