General
Target
7c0b5900a23a59b9d4f8b9fd3a1ab169fddcb41db929da8bd9c50866315077c8
Size
1.8MB
Sample
210504-txf9ppycye
MD5
d65a8c7050ccfe518ca69538bbf70f91
SHA1
a67f3acfd14d2092f80ade30245dcef6a8d29634
SHA256
7c0b5900a23a59b9d4f8b9fd3a1ab169fddcb41db929da8bd9c50866315077c8
SHA512
57d739244d8db58415f8fa558da2de51ca371b37d2c3380e34e466be3a7e2d796ef485e8f4d28f9e285cc6358216be51ca792ff4987dce79673bcf61b08b5b92
Static task
static1
Behavioral task
behavioral1
Sample
7c0b5900a23a59b9d4f8b9fd3a1ab169fddcb41db929da8bd9c50866315077c8.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
7c0b5900a23a59b9d4f8b9fd3a1ab169fddcb41db929da8bd9c50866315077c8.exe
Resource
win10v20210410
Malware Config
Targets
Score
10/10
Modifies WinLogon for persistence
Modifies visibility of hidden/system files in Explorer
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Executes dropped EXE
Modifies Installed Components in the registry
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext