General
-
Target
926509aff0ec48ac354fe49b372f8e2b8d05fe97ba5a1828b422ca75b95cb0ea
-
Size
1.8MB
-
Sample
210505-xx9778345a
-
MD5
bc4a2d6d59a0aee1a434e93f5d59019a
-
SHA1
2403a1c0017b46d2357f3730b9d5c16fa7284a28
-
SHA256
926509aff0ec48ac354fe49b372f8e2b8d05fe97ba5a1828b422ca75b95cb0ea
-
SHA512
5b808a743ed3663656417dc23b9614dc89ab25c5814040f76afa356659ce3614431a2580963e977c9169d262ba80a4238d70ab53b7317f1b6003fd5111e8ba47
Static task
static1
Behavioral task
behavioral1
Sample
926509aff0ec48ac354fe49b372f8e2b8d05fe97ba5a1828b422ca75b95cb0ea.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
926509aff0ec48ac354fe49b372f8e2b8d05fe97ba5a1828b422ca75b95cb0ea.exe
Resource
win10v20210408
Malware Config
Targets
Target
926509aff0ec48ac354fe49b372f8e2b8d05fe97ba5a1828b422ca75b95cb0ea
Score
10/10
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-