General
Target: 5f5975aa54916c31a205ae5c29c0bfe2.exe
Size: 368KB
Sample: 210715-letdbzjsba
MD5: 5f5975aa54916c31a205ae5c29c0bfe2
SHA1: 4c309f984a5d02227773cf476384422aa8f34819
SHA256: 043544fc666b260b348dbd6c004ac8a76c62418e34b3330e6d0a1fac1dfc3f9f
SHA512: 0277be3783adf1266d77dfbcfa3f586ce58f9a63a5293a8cc75d21a7b9fa713c83fa7119fed892f320e8dd01b1940a6a1aebd5f47a62bb73a98b04101bf0775e
Static task: static1
Behavioral task: behavioral1 (sample 5f5975aa54916c31a205ae5c29c0bfe2.exe, resource win7v20210410)
Behavioral task: behavioral2 (sample 5f5975aa54916c31a205ae5c29c0bfe2.exe, resource win10v20210408)
Malware Config
Extracted: warzonerat
C2: sdafsdffssffs.ydns.eu:6703
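The hashes and the extracted C2 host:port above are the indicators an analyst would sweep an estate for. The following is an added example and not part of the sandbox report: it takes the report's own hashes and C2 endpoint and checks file contents, DNS query logs and flow records against them. The log lines are constructed sample data in a made-up "timestamp client qname qtype" and "timestamp src dst:port" layout; a real deployment would parse whatever the resolver or flow collector actually emits. Matching on the hostname is done canonically (trailing dot stripped, case folded) because resolver logs commonly differ from the report in both respects.

```python
import hashlib

# Indicators copied from the report above (not constructed)
IOC_HASHES = {
    "md5": "5f5975aa54916c31a205ae5c29c0bfe2",
    "sha1": "4c309f984a5d02227773cf476384422aa8f34819",
    "sha256": "043544fc666b260b348dbd6c004ac8a76c62418e34b3330e6d0a1fac1dfc3f9f",
}
C2_HOST = "sdafsdffssffs.ydns.eu"
C2_PORT = 6703


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a file's bytes, keyed like IOC_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def file_matches(data: bytes) -> bool:
    """True if any digest of `data` equals the report's hash for that algorithm.
    Checking all three lets a feed that only carries one algorithm still match."""
    d = digests(data)
    return any(d[name] == IOC_HASHES[name] for name in IOC_HASHES)


def normalize_host(name: str) -> str:
    """Resolver logs often keep the trailing dot and original case; compare canonically."""
    return name.strip().rstrip(".").lower()


def scan_dns_log(lines):
    """Return (ts, client, qname) for queries that name the C2 host exactly.
    Line layout (constructed for this example): '<ts> <client> <qname> <qtype>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines rather than abort the sweep
        ts, client, qname, _qtype = parts[:4]
        if normalize_host(qname) == C2_HOST:
            hits.append((ts, client, qname))
    return hits


def scan_netflow(lines):
    """Return (ts, src, dst, label) for flows to the C2 host.
    Port 6703 matches the extracted config exactly ('exact_c2'); any other port
    to the same host is still worth a look ('host_only').
    Line layout (constructed for this example): '<ts> <src> <dst_host>:<dst_port>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3 or ":" not in parts[2]:
            continue
        host, _, port = parts[2].rpartition(":")
        if normalize_host(host) != C2_HOST:
            continue
        label = "exact_c2" if port.isdigit() and int(port) == C2_PORT else "host_only"
        hits.append((parts[0], parts[1], parts[2], label))
    return hits


# Constructed sample logs; the hostnames below are chosen to exercise the edge cases
SAMPLE_DNS_LOG = [
    "2021-07-15T10:01:02Z 10.0.0.12 www.example.com. A",
    "2021-07-15T10:01:09Z 10.0.0.12 SDAFSDFFSSFFS.ydns.eu. A",     # case + trailing dot: must match
    "2021-07-15T10:01:10Z 10.0.0.12 notsdafsdffssffs.ydns.eu. A",  # suffix only: must not match
    "malformed line",
]
SAMPLE_FLOW_LOG = [
    "2021-07-15T10:01:11Z 10.0.0.12 sdafsdffssffs.ydns.eu:6703",
    "2021-07-15T10:01:12Z 10.0.0.12 sdafsdffssffs.ydns.eu:443",    # right host, other port
]

if __name__ == "__main__":
    print("dns hits:", scan_dns_log(SAMPLE_DNS_LOG))
    print("flow hits:", scan_netflow(SAMPLE_FLOW_LOG))
    print("empty file matches report hash:", file_matches(b""))
```

The C2 sits under a dynamic DNS domain (ydns.eu), so the IP it resolves to can change between the sandbox run and a later hunt; pivot on the hostname and port, not on a resolved address.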
Targets
Target: 5f5975aa54916c31a205ae5c29c0bfe2.exe (368KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
- AgentTesla: Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic .NET.
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
- AgentTesla payload
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry (a ServiceDll value under a service's Parameters key, so the DLL is loaded by svchost.exe at service start)
- Loads dropped DLL
- Modifies WinLogon (the Winlogon Shell/Userinit values run at every interactive logon, a common persistence point)
- Drops file in System32 directory
- Suspicious use of SetThreadContext (typically used to point a suspended thread at injected code, as in process hollowing)
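Two of the behaviours listed above, "Sets DLL path for service in the registry" and "Modifies WinLogon", leave registry writes that an endpoint sensor records. The following is an added example and not part of the sandbox report: it classifies registry value-set events against the well-known Winlogon Shell/Userinit values and the per-service ServiceDll value, comparing the written value with the clean-system default so that legitimate writes by Windows itself do not alert. The events are constructed sample lines in a simplified "Image|TargetObject|Details" layout, not real Sysmon output; real Sysmon Event ID 13 data would be parsed from the event XML first. The paths and image names in the samples are made up for the example.

```python
import re

# Registry locations behind the two report signatures (well-known Windows persistence points)
WINLOGON_RE = re.compile(
    r"\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit)$",
    re.IGNORECASE,
)
SERVICEDLL_RE = re.compile(
    r"\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\Parameters\\ServiceDll$",
    re.IGNORECASE,
)

# Clean-system defaults, lower-cased with %SystemRoot% expanded. Userinit is normally
# "C:\Windows\system32\userinit.exe," (trailing comma), so values are compared entry by entry.
DEFAULT_WINLOGON = {
    "shell": {"explorer.exe"},
    "userinit": {"c:\\windows\\system32\\userinit.exe"},
}
SYSTEM32 = "c:\\windows\\system32\\"


def normalize_value(details: str) -> str:
    """Lower-case, expand %SystemRoot%, and drop quotes so REG_EXPAND_SZ and quoted
    paths compare equal to their plain forms."""
    v = details.strip().lower()
    return v.replace("%systemroot%", "c:\\windows").replace('"', "")


def classify_registry_event(target_object: str, details: str):
    """Return a detection label for one registry value-set event, or None if benign."""
    value = normalize_value(details)
    m = WINLOGON_RE.search(target_object)
    if m:
        name = m.group(1).lower()
        # Anything appended to Shell or Userinit beyond the default is an extra logon payload
        entries = {e.strip() for e in value.split(",") if e.strip()}
        if entries - DEFAULT_WINLOGON[name]:
            return f"winlogon_{name}_modified"
        return None
    if SERVICEDLL_RE.search(target_object):
        # Built-in services keep their ServiceDll under System32; a DLL elsewhere is
        # suspicious, though third-party services will need a baseline/allow-list.
        if not value.startswith(SYSTEM32):
            return "servicedll_outside_system32"
        return None
    return None


def scan_events(lines):
    """Parse 'Image|TargetObject|Details' lines; return (index, image, label) per hit."""
    hits = []
    for i, line in enumerate(lines):
        image, target, details = line.split("|", 2)
        label = classify_registry_event(target, details)
        if label:
            hits.append((i, image, label))
    return hits


# Constructed sample events (not real telemetry); indices 1 and 3 should alert
SAMPLE_EVENTS = [
    r"C:\Windows\System32\svchost.exe|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit|%SystemRoot%\system32\userinit.exe,",
    r"C:\Users\user\AppData\Local\Temp\sample.exe|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit|C:\Windows\system32\userinit.exe,C:\Users\user\AppData\Roaming\images.exe",
    r"C:\Windows\System32\services.exe|HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\ServiceDll|%SystemRoot%\system32\w32time.dll",
    r"C:\Users\user\AppData\Local\Temp\sample.exe|HKLM\SYSTEM\CurrentControlSet\Services\Update\Parameters\ServiceDll|C:\Users\user\AppData\Roaming\update.dll",
    r"C:\Windows\explorer.exe|HKU\S-1-5-21-1\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell|explorer.exe",
]

if __name__ == "__main__":
    for idx, image, label in scan_events(SAMPLE_EVENTS):
        print(f"event {idx}: {label} by {image}")
```

Comparing against the default value rather than alerting on any write to these keys is what keeps the rule quiet during normal operation: Windows and installers touch both locations legitimately, but they do not append extra executables to Userinit or point a ServiceDll into a user profile.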