General
-
Target
SecuriteInfo.com.Win32.CrypterX-gen.2384.14277.exe
-
Size
666KB
-
Sample
221114-lns54abe3t
-
MD5
82ba0b42afdb5fc7a4faef5a10b8ac32
-
SHA1
0deb3887eed7cfbb4e76aad8f156ca19ce3aa2ae
-
SHA256
76c4bd3211cad91689f1adf14cdbff0773a8e7ceb0271b79fd010a90eaa1c7ff
-
SHA512
332faecf68494e31ca1c2d7294110e3f6c5848855e4b08189519525a3b7dc9f7257e7093d366b6d8c7aeb1a7c93389463f3162b519b59f85e3270fd64cd0475e
-
SSDEEP
12288:YRU68atsFb35ljquU9M4PTIjinhBzDwv1Fpy:EU68atsx1/jIhB0Hy
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.CrypterX-gen.2384.14277.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.CrypterX-gen.2384.14277.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Win32.CrypterX-gen.2384.14277.exe
-
Score
10/10
-
Modifies WinLogon for persistence
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets DLL path for service in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-