Extracted

• • Target

    Sandra-Wohl-Bewerbung-Arbeitszeugnis.exe

  • Size

    99KB

  • MD5

    2411437b7a8c5e897e974b5a33e67428

  • SHA1

    00906dca6d4134495a95283cc2c5ac458f2891fd

  • SHA256

    58f6462c0225f4ec37209add8486ef9bdcdc1d1e766096af73b3c7797ebeadb1

  • SHA512

    de8a3052a58d6b66d2c4840cc829478d82b69d754f4d25101573593357a2af406d290f7749d4f74ebc9e4529b74a7f910f327efcb4f3a1dd27d73a66cce109e0

  • SSDEEP

    1536:/7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfPwNOpJ0HWIhOl:z7DhdC6kzWypvaQ0FxyNTBfP6OpH

  Score

  10^/10

  eternitywarzoneratevasioninfostealerpersistenceransomwarerattrojanupx

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Modifies security service

    evasion

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Disables Task Manager via registry modification

    evasion

  • Downloads MZ/PE file

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2