General
-
Target
8557877249.zip
-
Size
437KB
-
Sample
221206-wn795adh31
-
MD5
4781f14e40effb69e5951c2795307271
-
SHA1
6d4ff9e453dab84da0f4c3c2c046b9b211d35c6d
-
SHA256
2896ddf591256c4bcbfde93116fdf3e1b01c4c4bed2b4651ddf5509d400bb15a
-
SHA512
7a8e19fb30bbc0a6e49b8a68a01e0cdbbb4768373b2343a92256a15f069afe0b6486d3a60eb1a02037d0924d7cff6b249222f6722bd2ad80b3bde7787effbc83
-
SSDEEP
12288:7ZVfJYJ3e0V3LC4oGMG8PAxfa43g+AVv8NCGQS:tVl0gu8caug+IvowS
Static task
static1
Behavioral task
behavioral1
Sample
8960471d8fd9a7991440d240baafe31b048b2f68e7999b77e5fe2cffb3c2b90d.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
8960471d8fd9a7991440d240baafe31b048b2f68e7999b77e5fe2cffb3c2b90d.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
8960471d8fd9a7991440d240baafe31b048b2f68e7999b77e5fe2cffb3c2b90d
-
Size
660KB
-
MD5
0b68196f8812f273aff9f237bfe5a59b
-
SHA1
494972b016c5e804b9ff2fb1719225c82c86584e
-
SHA256
8960471d8fd9a7991440d240baafe31b048b2f68e7999b77e5fe2cffb3c2b90d
-
SHA512
09ae6bb5bac3f1feca69e1980cc60a2a28813698bdbeeb0052f2e270978f8566fc2a64e8c6ae1bacbb0283d487be7957d436b0ee23a8749e67f05caee5fea3db
-
SSDEEP
12288:SxuVhFOAr1kDr+3WTuU9M4hLajznhBzDwvQne:SAV6Dre9eajbhBw
Score10/10-
Modifies WinLogon for persistence
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets DLL path for service in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-