General
-
Target
dd9152f146a1fef42eeae45f8cad2f675455db4bed38b263fb6bc6b6359071ae
-
Size
1.8MB
-
Sample
230326-banncagh6t
-
MD5
fffdbc2d037fed8cb5fee7042f16331e
-
SHA1
5844613c31bc7b536547da7e11c922cec7b8d381
-
SHA256
dd9152f146a1fef42eeae45f8cad2f675455db4bed38b263fb6bc6b6359071ae
-
SHA512
15e0bc35c1d5f63becba5d637daf3a01cd61dd2c9dbbbc94b1226329449536aaff9f6d544321488a925ebe75be535ed7a56c243be648a3ea4add984a0dbaef26
-
SSDEEP
12288:L99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSGN5A7W2FeDSIGVH/KIDg0:J1gg4CppEI6GGfWDkIQDbGV6eH81k1
Behavioral task
behavioral1
Sample
dd9152f146a1fef42eeae45f8cad2f675455db4bed38b263fb6bc6b6359071ae.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
dd9152f146a1fef42eeae45f8cad2f675455db4bed38b263fb6bc6b6359071ae.exe
Resource
win10v2004-20230221-en
Malware Config
Targets
-
-
Target
dd9152f146a1fef42eeae45f8cad2f675455db4bed38b263fb6bc6b6359071ae
-
Size
1.8MB
-
MD5
fffdbc2d037fed8cb5fee7042f16331e
-
SHA1
5844613c31bc7b536547da7e11c922cec7b8d381
-
SHA256
dd9152f146a1fef42eeae45f8cad2f675455db4bed38b263fb6bc6b6359071ae
-
SHA512
15e0bc35c1d5f63becba5d637daf3a01cd61dd2c9dbbbc94b1226329449536aaff9f6d544321488a925ebe75be535ed7a56c243be648a3ea4add984a0dbaef26
-
SSDEEP
12288:L99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSGN5A7W2FeDSIGVH/KIDg0:J1gg4CppEI6GGfWDkIQDbGV6eH81k1
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-