General
Target: 762f2070dca829f4fcf9940b97ef65d7c3389aad7f89ce75c83a2c7233d34272
Size: 1.8MB
Sample: 210504-ys3jpfqnd2
MD5: eab132251e5464f1ae1f8478d047058b
SHA1: abaae5a3a6f893c9b9843a28d380bc5650363710
SHA256: 762f2070dca829f4fcf9940b97ef65d7c3389aad7f89ce75c83a2c7233d34272
SHA512: d5f3b76f638e9deb4dcf157909b0770e75937215b654b4c4d8819141103daf2d632f99fd0dc2e81e0c762a54409b2797516eb6bc418f51d196f5d1bd1577b7bc
Static task: static1
Behavioral task: behavioral1
Sample: 762f2070dca829f4fcf9940b97ef65d7c3389aad7f89ce75c83a2c7233d34272.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 762f2070dca829f4fcf9940b97ef65d7c3389aad7f89ce75c83a2c7233d34272.exe
Resource: win10v20210410
Malware Config
Targets
Target: 762f2070dca829f4fcf9940b97ef65d7c3389aad7f89ce75c83a2c7233d34272
Score: 10/10
Modifies WinLogon for persistence
Modifies visibility of hidden/system files in Explorer
WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Executes dropped EXE
Modifies Installed Components in the registry
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext