Extracted

• • Target

    Sandra-Wohl-Bewerbung-Anschreiben.exe

  • Size

    99KB

  • MD5

    315ee22d17ea8ce5cbc0b443f1b5789c

  • SHA1

    5ddf66aec8de460d4dcd85845bd84ea5007d62ac

  • SHA256

    49cecc5851dc6ed4f7dfd13f91ade2941ea491cd7c08df9f3630de8de50e3fb4

  • SHA512

    488216968ecd6b7c894411486ea44914ad6d3adbc30acb09a1bb39d07a1222ce0f77be76f83e8855a497db6538ba6b5c0199242df190daceb81abd9640d656c6

  • SSDEEP

    1536:/7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIf3w/OpJ0HWIYuOl:z7DhdC6kzWypvaQ0FxyNTBf3wOpF

  Score

  10^/10

  eternitywarzoneratevasioninfostealerpersistenceransomwarerattrojanupx

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Modifies security service

    evasion

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Blocklisted process makes network request

  • Disables Task Manager via registry modification

    evasion

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2