General

  • Target

    78cedf4c16277b4ef72d3f5c3cb14f36ce338b6e62d05fa48951a04c33ec59b0

  • Size

    1.8MB

  • Sample

    210504-29ldvarb3j

  • MD5

    fcc7dfafa2dc463f4e27c6862bd5065b

  • SHA1

    2171e356f5ceedc51738b05a779cc3a43fbe4e0c

  • SHA256

    78cedf4c16277b4ef72d3f5c3cb14f36ce338b6e62d05fa48951a04c33ec59b0

  • SHA512

    fa818c86418e90efa970de9cf62f2e5c82cab6138c6e06122375fc9520f1047050d5721f3dd1066b452cec88967fb8dcdc1d876ece915646279ff840c6f96c82

Malware Config

Targets

    • Target

      78cedf4c16277b4ef72d3f5c3cb14f36ce338b6e62d05fa48951a04c33ec59b0

    • Size

      1.8MB

    • MD5

      fcc7dfafa2dc463f4e27c6862bd5065b

    • SHA1

      2171e356f5ceedc51738b05a779cc3a43fbe4e0c

    • SHA256

      78cedf4c16277b4ef72d3f5c3cb14f36ce338b6e62d05fa48951a04c33ec59b0

    • SHA512

      fa818c86418e90efa970de9cf62f2e5c82cab6138c6e06122375fc9520f1047050d5721f3dd1066b452cec88967fb8dcdc1d876ece915646279ff840c6f96c82

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).

    • Warzone RAT Payload

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks