General
Target: hesaphareketi-01.exe
Size: 33KB
Sample: 211014-l83v2aghd2
MD5: 38e162610466dd251d9b377a60f65c11
SHA1: 2a597d5198230eaafe8d842e76776192ba3e6742
SHA256: 7eb784edddde0eddd7b21c4907916f0109334a4237a9c2eb917caf8eae81480f
SHA512: 385a3a4d1592539e64a14a096ab50f86925376cca6cd23dce1f88cf636affce84cd16c8716b68889bc10cb514822adc26bc2aec4cd6b6200fbbee611740994bc
Static task: static1
Behavioral task: behavioral1 (sample hesaphareketi-01.exe, resource win7-en-20210920)
Behavioral task: behavioral2 (sample hesaphareketi-01.exe, resource win10v20210408)
Malware Config
Extracted: warzonerat
atifgabuying.ddns.net:7681
Targets
Target: hesaphareketi-01.exe (33KB; hashes as listed under General)
- Modifies WinLogon for persistence
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as a MaaS.
- Warzone RAT Payload
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext