General
Target
c97ae84e271bc4f1ae277c32b97e59160531d601421a110ee31468e451f3fa9d
Size
1.8MB
Sample
210505-qclvf2mtaj
MD5
fd88e732993de57ca0bfd7d092c26131
SHA1
b3ad7ac5a3531a84654b1ac2364c12242de08f66
SHA256
c97ae84e271bc4f1ae277c32b97e59160531d601421a110ee31468e451f3fa9d
SHA512
5d45fd176f8e5e57e7077919afb14b47f8a3818377b47a21ce11f5ac5a74df46d6ead66e7acdfdeb04aeb3c1c667b196f6cc6378db21a3a82c80d471f472b148
Static task
static1
Behavioral task
behavioral1
Sample
c97ae84e271bc4f1ae277c32b97e59160531d601421a110ee31468e451f3fa9d.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
c97ae84e271bc4f1ae277c32b97e59160531d601421a110ee31468e451f3fa9d.exe
Resource
win10v20210408
Malware Config
Targets
Target
c97ae84e271bc4f1ae277c32b97e59160531d601421a110ee31468e451f3fa9d
Score 10/10
Modifies WinLogon for persistence
Modifies visibility of hidden/system files in Explorer
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Executes dropped EXE
Modifies Installed Components in the registry
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext