General
-
Target
ebcb061131ca2a3704db979a2fe8c9f42f653262365a2e981b6b38e0085e0e01
-
Size
5.9MB
-
Sample
210228-ykh95fwhmj
-
MD5
b76397cc87272fa87623b28045474e0e
-
SHA1
4cb58602ab54d3dd406a6e1af1439d71df12d44c
-
SHA256
ebcb061131ca2a3704db979a2fe8c9f42f653262365a2e981b6b38e0085e0e01
-
SHA512
f195508f460d68031468b327bfaa620c1762a63cc61bc3731a5a9ccaa5646171b613a06e16f7001709d9facab90a016281ff9e749753a16b63b5a312c235dc79
Static task
static1
Behavioral task
behavioral1
Sample
ebcb061131ca2a3704db979a2fe8c9f42f653262365a2e981b6b38e0085e0e01.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
ebcb061131ca2a3704db979a2fe8c9f42f653262365a2e981b6b38e0085e0e01.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
ebcb061131ca2a3704db979a2fe8c9f42f653262365a2e981b6b38e0085e0e01
-
Size
5.9MB
-
MD5
b76397cc87272fa87623b28045474e0e
-
SHA1
4cb58602ab54d3dd406a6e1af1439d71df12d44c
-
SHA256
ebcb061131ca2a3704db979a2fe8c9f42f653262365a2e981b6b38e0085e0e01
-
SHA512
f195508f460d68031468b327bfaa620c1762a63cc61bc3731a5a9ccaa5646171b613a06e16f7001709d9facab90a016281ff9e749753a16b63b5a312c235dc79
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-