General
-
Target
adff9b172f90f6ec4181ab6e64a7baf864adbc954947649f77739b939ae8f052
-
Size
1.8MB
-
Sample
210505-9x9gpx39as
-
MD5
c2c72d0ce1e2b4aa824b3b11209e20c6
-
SHA1
535479e17340b248724de24bfd385c5739bbcac0
-
SHA256
adff9b172f90f6ec4181ab6e64a7baf864adbc954947649f77739b939ae8f052
-
SHA512
a64a7b2c9092501e32b7bcdbc779c178a33af187639e34b14dd3e9c60a5e60929c049ed41614c5d63673b9c584803f459921d54d026bbbe2f76a8d9884744a04
Static task
static1
Behavioral task
behavioral1
Sample
adff9b172f90f6ec4181ab6e64a7baf864adbc954947649f77739b939ae8f052.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
adff9b172f90f6ec4181ab6e64a7baf864adbc954947649f77739b939ae8f052.exe
Resource
win10v20210410
Malware Config
Targets
-
-
Target
adff9b172f90f6ec4181ab6e64a7baf864adbc954947649f77739b939ae8f052
-
Size
1.8MB
-
MD5
c2c72d0ce1e2b4aa824b3b11209e20c6
-
SHA1
535479e17340b248724de24bfd385c5739bbcac0
-
SHA256
adff9b172f90f6ec4181ab6e64a7baf864adbc954947649f77739b939ae8f052
-
SHA512
a64a7b2c9092501e32b7bcdbc779c178a33af187639e34b14dd3e9c60a5e60929c049ed41614c5d63673b9c584803f459921d54d026bbbe2f76a8d9884744a04
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-