General
-
Target
ad6b307bca7d1bc6c440af15b4ef78e8d613b694f06d14c30ad02f7dbcc32d30
-
Size
1.8MB
-
Sample
210504-yghh7wkr7x
-
MD5
adeb4690226aef0af78119115ad3227b
-
SHA1
fab9eac25fd6b371fc236d4b6a38958d0ad06021
-
SHA256
ad6b307bca7d1bc6c440af15b4ef78e8d613b694f06d14c30ad02f7dbcc32d30
-
SHA512
37e016c858bb77b7735c268aa314d9d87bb44ce98aa58076bd22cc174b271422d8aab0743238d94f7757683a0a9cfc3c3c59931baac8cc70e634b86bbea5fb48
Static task
static1
Behavioral task
behavioral1
Sample
ad6b307bca7d1bc6c440af15b4ef78e8d613b694f06d14c30ad02f7dbcc32d30.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
ad6b307bca7d1bc6c440af15b4ef78e8d613b694f06d14c30ad02f7dbcc32d30.exe
Resource
win10v20210410
Malware Config
Targets
Target
ad6b307bca7d1bc6c440af15b4ef78e8d613b694f06d14c30ad02f7dbcc32d30
Score
10/10
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-