General
Target: dd3bfcb4d3e094512c82dada8cd218c56febd914342e9063f533cdbfea0bca45
Size: 1.8MB
Sample: 210504-heh3nzykhx
MD5: c1ad5f2ef3adc0df53f806aae1b0429b
SHA1: 2f132de302815f8eb4d5b0595d15c3728144d84a
SHA256: dd3bfcb4d3e094512c82dada8cd218c56febd914342e9063f533cdbfea0bca45
SHA512: 7c0013dddb9bb01ea2bc0a72492e2df754c9a6ca9b08eb3a7171eb79a3e090107503947ded8dd92f9143719b2b9f3facabaab4bd39a7e5ab476ad5232c658d96
Static task: static1
Behavioral task: behavioral1
Sample: dd3bfcb4d3e094512c82dada8cd218c56febd914342e9063f533cdbfea0bca45.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: dd3bfcb4d3e094512c82dada8cd218c56febd914342e9063f533cdbfea0bca45.exe
Resource: win10v20210410
Malware Config
Targets
Target: dd3bfcb4d3e094512c82dada8cd218c56febd914342e9063f533cdbfea0bca45
Score: 10/10
Modifies WinLogon for persistence
Modifies visibility of hidden/system files in Explorer
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Executes dropped EXE
Modifies Installed Components in the registry
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext