General
-
Target
90e34c74bec2e84fa0a134d4204f4ae6c5373eb539d384072db0e42370d7d2e9
-
Size
1.8MB
-
Sample
210505-2nwwjjzmsa
-
MD5
ab8b026c7402b5e0452ff0f915f2cb0f
-
SHA1
ca849caf19f9c87e2218f12d8c2c263f010b858f
-
SHA256
90e34c74bec2e84fa0a134d4204f4ae6c5373eb539d384072db0e42370d7d2e9
-
SHA512
c896a625314f135ec0854f2ef80574efc21926c46a04224e6fa3f75342c8647963ee3d7e7538b2ac5352f2ad62f20d9e0bb86c8233289f8bded6ca52830cbbda
Static task
static1
Behavioral task
behavioral1
Sample
90e34c74bec2e84fa0a134d4204f4ae6c5373eb539d384072db0e42370d7d2e9.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
90e34c74bec2e84fa0a134d4204f4ae6c5373eb539d384072db0e42370d7d2e9.exe
Resource
win10v20210410
Malware Config
Targets
-
-
Target
90e34c74bec2e84fa0a134d4204f4ae6c5373eb539d384072db0e42370d7d2e9
-
Size
1.8MB
-
MD5
ab8b026c7402b5e0452ff0f915f2cb0f
-
SHA1
ca849caf19f9c87e2218f12d8c2c263f010b858f
-
SHA256
90e34c74bec2e84fa0a134d4204f4ae6c5373eb539d384072db0e42370d7d2e9
-
SHA512
c896a625314f135ec0854f2ef80574efc21926c46a04224e6fa3f75342c8647963ee3d7e7538b2ac5352f2ad62f20d9e0bb86c8233289f8bded6ca52830cbbda
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-