General
-
Target
bc630e07cf99324ac65fb506e9d54bbd6d405887070604e00d98c52ba60d64c1
-
Size
1.8MB
-
Sample
210505-b64gcx4m16
-
MD5
b78f5c47acef55129ff8d9862c477dcf
-
SHA1
4c8d602143a1a2fd5201ec4214cee155101e5911
-
SHA256
bc630e07cf99324ac65fb506e9d54bbd6d405887070604e00d98c52ba60d64c1
-
SHA512
d18d7a9999a9f50236efe551667dc9c6e226cfd6151a45d7712d980779599d9f5f81f74d97910b73f907e0ba54a85fb38fb5c489ac3cbbbaf49a39f7be28330e
Static task
static1
Behavioral task
behavioral1
Sample
bc630e07cf99324ac65fb506e9d54bbd6d405887070604e00d98c52ba60d64c1.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
bc630e07cf99324ac65fb506e9d54bbd6d405887070604e00d98c52ba60d64c1.exe
Resource
win10v20210410
Malware Config
Targets
-
-
Target
bc630e07cf99324ac65fb506e9d54bbd6d405887070604e00d98c52ba60d64c1
-
Score
10/10
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-