General
-
Target
0fa8e1c5768dd04021b8853529f733128e3fc2d01825a5ed28298a164172b30f
-
Size
1.8MB
-
Sample
210504-14r9c9lqqj
-
MD5
b9e080a7ef5d11b902d97b3a7f9b742f
-
SHA1
d96ec752a89a4024e022fdb5bc5eb187216b14c2
-
SHA256
0fa8e1c5768dd04021b8853529f733128e3fc2d01825a5ed28298a164172b30f
-
SHA512
c9c710478fdd3e02d9b6cd5dbfc795326ebaebfe372e15247b811072adb62dd06cf777c5878df40686f857aae2c772c19bc33affbffa20866b164a2054b9caaa
Static task
static1
Behavioral task
behavioral1
Sample
0fa8e1c5768dd04021b8853529f733128e3fc2d01825a5ed28298a164172b30f.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
0fa8e1c5768dd04021b8853529f733128e3fc2d01825a5ed28298a164172b30f.exe
Resource
win10v20210408
Malware Config
Targets
Score 10/10
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-