General
-
Target
076ef9b8febf33deb3cae4018a580460_NEAS
-
Size
2.9MB
-
Sample
240506-ykqxsabd78
-
MD5
076ef9b8febf33deb3cae4018a580460
-
SHA1
2b404428fde62e0f600da698cd3f47a62d4afb24
-
SHA256
7736dee71f6b746976410e7d95f12bfa36032f9f16f7b5f5476c9488470e06d0
-
SHA512
2b84a110f3bd50f73cc08ccb7b6487b3a870a7f105e38483c3c512d798579b4d8e3d9717eed7a2192497f680714efd6b6d4f41002f47ef576551c3b811435eb5
-
SSDEEP
24576:eTy7ASmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHz:eTy7ASmw4gxeOw46fUbNecCCFbNecc
Malware Config
Targets
-
-
Target
076ef9b8febf33deb3cae4018a580460_NEAS
-
Size
2.9MB
-
MD5
076ef9b8febf33deb3cae4018a580460
-
SHA1
2b404428fde62e0f600da698cd3f47a62d4afb24
-
SHA256
7736dee71f6b746976410e7d95f12bfa36032f9f16f7b5f5476c9488470e06d0
-
SHA512
2b84a110f3bd50f73cc08ccb7b6487b3a870a7f105e38483c3c512d798579b4d8e3d9717eed7a2192497f680714efd6b6d4f41002f47ef576551c3b811435eb5
-
SSDEEP
24576:eTy7ASmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHz:eTy7ASmw4gxeOw46fUbNecCCFbNecc
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Modifies Installed Components in the registry
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
4