General

  • Target

    ad96852464c87af2d70815083626df3907cbc025e3e525389ba87e6ec0c27606

  • Size

    1.2MB

  • Sample

    240412-as31bada9z

  • MD5

    dfeda6d6140be1872c728fd0781340a7

  • SHA1

    11bbe8180ce8d441f4792806901287cef28b139d

  • SHA256

    ad96852464c87af2d70815083626df3907cbc025e3e525389ba87e6ec0c27606

  • SHA512

    3145c3c3fda964ed4864071b4c97af45cd325c55d3da77e70a3a16390633080a0b13f99f0f5e9bad7070ed253b9a8c24c1d5e3894ad2231e7ae8a1774766e51b

  • SSDEEP

    12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11k9:OIbGD2JTu0GoZQDbGV6eH81k9

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).

    • Detects executables packed with ASPack

    • Warzone RAT payload

    • Modifies Installed Components in the registry

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks