General
-
Target
7eaa2c0c3cd26e9495e9de67413f860820a713141429e921861d239d80475df3
-
Size
2.9MB
-
Sample
210228-ybs95zlk1s
-
MD5
b2ed1b38dc16e2d3e46c1748f06871fc
-
SHA1
deafaba66dfcbdee771b44562a958824899136e0
-
SHA256
7eaa2c0c3cd26e9495e9de67413f860820a713141429e921861d239d80475df3
-
SHA512
e7d1301ce915de74ea7d8245c7c03ce3cf60840d46d35e5bf9063124f49a06eb08795cde0705d28c120d96c96f1f26b31374e832d02ee962bf0a6eb9675a6bf9
Static task
static1
Behavioral task
behavioral1
Sample
7eaa2c0c3cd26e9495e9de67413f860820a713141429e921861d239d80475df3.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
7eaa2c0c3cd26e9495e9de67413f860820a713141429e921861d239d80475df3.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
7eaa2c0c3cd26e9495e9de67413f860820a713141429e921861d239d80475df3
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-