General
-
Target
3f1b5e5d56db51d8fce87a0dcffb71aba5f04698f97ec274bbb87ec933310f60
-
Size
1.8MB
-
Sample
210504-zyatlld616
-
MD5
fc297900e07d910893b63adbe917ef3f
-
SHA1
d15657071067de4885e8d38d5b259f8b6da9ba04
-
SHA256
3f1b5e5d56db51d8fce87a0dcffb71aba5f04698f97ec274bbb87ec933310f60
-
SHA512
74645a91a234a21b1c1737d9e9852028424d5ea9e8a0e0f545f9f995cf716eba23652db8058dc65e80ef7859348e06f015572537dc6277faf0ea4e3d0588dccc
Static task
static1
Behavioral task
behavioral1
Sample
3f1b5e5d56db51d8fce87a0dcffb71aba5f04698f97ec274bbb87ec933310f60.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
3f1b5e5d56db51d8fce87a0dcffb71aba5f04698f97ec274bbb87ec933310f60.exe
Resource
win10v20210410
Malware Config
Targets
-
-
Target
3f1b5e5d56db51d8fce87a0dcffb71aba5f04698f97ec274bbb87ec933310f60
Score
10/10
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-