General
-
Target
b38e4017409179a0ce847e5951e61479128caaaa7a721bf1acbece8dfc7ccc54
-
Size
2.9MB
-
Sample
210228-yda3ha9tkj
-
MD5
b4c0f0133eda9357e505b6782826446e
-
SHA1
4c3a4304ea728335e485f57dbbd055cc64a605ce
-
SHA256
b38e4017409179a0ce847e5951e61479128caaaa7a721bf1acbece8dfc7ccc54
-
SHA512
cab105ae2c083949c8084ca05913c737c3edb878f1a70fc21171c71c76198c4c369c9b3788df4118977f5d0e7b6bdc416d29316d824c053d90e7d38daae42587
Static task
static1
Behavioral task
behavioral1
Sample
b38e4017409179a0ce847e5951e61479128caaaa7a721bf1acbece8dfc7ccc54.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
b38e4017409179a0ce847e5951e61479128caaaa7a721bf1acbece8dfc7ccc54.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
b38e4017409179a0ce847e5951e61479128caaaa7a721bf1acbece8dfc7ccc54
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-