Overview

overview

10

Static

static

10

595e721283...98.exe

windows7_x64

1

595e721283...98.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    595e721283d98ba113acc7c633b36072dc46220d80afccf1efbe8b8f96461f98

  • Size

    1.2MB

  • Sample

    210516-1zska3pqcj

  • MD5

    c1d36f1bcd9a0c5b37a887302536a636

  • SHA1

    9f07fea84ff3273a37c3d9c66b209ef3e31cb731

  • SHA256

    595e721283d98ba113acc7c633b36072dc46220d80afccf1efbe8b8f96461f98

  • SHA512

    bebb32aad7b31cd6af927354805509ad06567d79740515ea3550bc6fc3d098dd144172b20ff344ffd4f8cda299d6e3bb84b5dde873c929bba567cca4cc1dfdaf

Score
10/10
warzonerataspackv2evasioninfostealerpersistencerat

Malware Config

Targets

    • Target

      595e721283d98ba113acc7c633b36072dc46220d80afccf1efbe8b8f96461f98

    • Size

      1.2MB

    • MD5

      c1d36f1bcd9a0c5b37a887302536a636

    • SHA1

      9f07fea84ff3273a37c3d9c66b209ef3e31cb731

    • SHA256

      595e721283d98ba113acc7c633b36072dc46220d80afccf1efbe8b8f96461f98

    • SHA512

      bebb32aad7b31cd6af927354805509ad06567d79740515ea3550bc6fc3d098dd144172b20ff344ffd4f8cda299d6e3bb84b5dde873c929bba567cca4cc1dfdaf

    Score
    10/10
    warzonerataspackv2evasioninfostealerpersistencerat

    • Modifies WinLogon for persistence

      persistence

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Executes dropped EXE

    • Modifies Installed Components in the registry

      persistence

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks