General
-
Target
Invoice n� 20220610.lzh
-
Size
834KB
-
Sample
221116-p795haah88
-
MD5
92055afa758e2ea460c209d549a22d17
-
SHA1
5ecc43dceb3d1d5a6e0add4adad5385344ee7291
-
SHA256
dfb468fae58c6ee797fb5fd0be45e66fb70faf272b818617b3c2d9c5a153a8b1
-
SHA512
d9b869fa6cc8091cb37fc7ec73d4adb3f4bfce3074113f1c7d435719b1d4673574da81d4d34a14d65c69e533cbda474a60a08b19054751cbcdf3791bfd87dd3a
-
SSDEEP
12288:M6mvmrAIpXGkCHR3uU9M4/1Y2lranhBzDwvZ+v6cxa:MdmrAIpX5ZWY2ehBG+vy
Malware Config
Targets
-
-
Target
Invoice n� 20220610.lzh
-
Size
834KB
-
MD5
92055afa758e2ea460c209d549a22d17
-
SHA1
5ecc43dceb3d1d5a6e0add4adad5385344ee7291
-
SHA256
dfb468fae58c6ee797fb5fd0be45e66fb70faf272b818617b3c2d9c5a153a8b1
-
SHA512
d9b869fa6cc8091cb37fc7ec73d4adb3f4bfce3074113f1c7d435719b1d4673574da81d4d34a14d65c69e533cbda474a60a08b19054751cbcdf3791bfd87dd3a
-
SSDEEP
12288:M6mvmrAIpXGkCHR3uU9M4/1Y2lranhBzDwvZ+v6cxa:MdmrAIpX5ZWY2ehBG+vy
Score3/10 -
-
-
Target
Invoice n 20220610.exe
-
Size
834KB
-
MD5
c41ab4abfd11308b0f3b10cbd57a3a36
-
SHA1
85959216592c0ca55c91b880c242d2ff7eeca49d
-
SHA256
3da539d2f3f68c823e556e637665b03f2501e510c36db2429fe17ad44e903da6
-
SHA512
04cc28f9f8b0bae22dfcff965faef945937e5a4fe8b8ab1a795a32ac8d30b11c647b2f0a37f6f32d723211dc8bba3050f3032c5c2f1c6f397d3643320c39a637
-
SSDEEP
12288:L6mvmrAIpXGkCHR3uU9M4/1Y2lranhBzDwvZ+v6cxa:LdmrAIpX5ZWY2ehBG+vy
Score10/10-
Modifies WinLogon for persistence
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets DLL path for service in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-