General
-
Target
e504883f3a2d69912b526e13c7e54d230ed6d8d68c0715e4a0e0159cfab7fcb4
-
Size
1.8MB
-
Sample
240504-ev749sch8s
-
MD5
693cc8ba126e1e6a11b8de5aa36e9e34
-
SHA1
78664a9d505b240b2dfea20fdb72913319f52a42
-
SHA256
e504883f3a2d69912b526e13c7e54d230ed6d8d68c0715e4a0e0159cfab7fcb4
-
SHA512
4402ef7313a4aa5f5b8211e5ed6cea31726b80487f6759c845502dfb7ebb41b0579fc59c17d1d3e9f32602a8d1448bcbe4dcc725e9155ff548ba6ac985f17c9c
-
SSDEEP
12288:i254f/VAuj79umm3xR0lq+X6kOyeXiYxewRJBWW59qA7W2FeDSIGVH/KIDgDgUee:x+D9uVMpjOyerrFQDbGV6eH81kS
Behavioral task
behavioral1
Sample
e504883f3a2d69912b526e13c7e54d230ed6d8d68c0715e4a0e0159cfab7fcb4.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e504883f3a2d69912b526e13c7e54d230ed6d8d68c0715e4a0e0159cfab7fcb4.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
e504883f3a2d69912b526e13c7e54d230ed6d8d68c0715e4a0e0159cfab7fcb4
-
Score
10/10
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Detects executables packed with ASPack
-
Warzone RAT payload
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3
Registry Run Keys / Startup Folder
2
Winlogon Helper DLL
1
Privilege Escalation
Boot or Logon Autostart Execution
3
Registry Run Keys / Startup Folder
2
Winlogon Helper DLL
1