General
Target: 8e98025573f3257902b947d270f86f82bbfcd690589132dc440c5c99d6033b04
Size: 2.9MB
Sample: 240501-azxf4sde34
MD5: 0b037c66b232781abe38be7055e7a3e7
SHA1: aefa46c85ec1b11183453dfc719281c3009f2782
SHA256: 8e98025573f3257902b947d270f86f82bbfcd690589132dc440c5c99d6033b04
SHA512: 18b28741c7ce9c107d1319374d0eb133aacbb4306e841a3bf584022dcab0b95866ae22679d31666553daaa7352b2dddc8ad0f95505e54cc994324067e8b1dbcc
SSDEEP: 24576:7v97AXmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHv:7v97AXmw4gxeOw46fUbNecCCFbNecS
Behavioral task: behavioral1
Sample: 8e98025573f3257902b947d270f86f82bbfcd690589132dc440c5c99d6033b04.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 8e98025573f3257902b947d270f86f82bbfcd690589132dc440c5c99d6033b04.exe
Resource: win10v2004-20240419-en
Malware Config
Targets
Target: 8e98025573f3257902b947d270f86f82bbfcd690589132dc440c5c99d6033b04
Size: 2.9MB
Score: 10/10
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as a MaaS.
- Detects executables packed with ASPack
- Warzone RAT payload
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence: Boot or Logon Autostart Execution (3): Registry Run Keys / Startup Folder (2), Winlogon Helper DLL (1)
Privilege Escalation: Boot or Logon Autostart Execution (3): Registry Run Keys / Startup Folder (2), Winlogon Helper DLL (1)