General
-
Target
1abd0301a50c058d4b09f0dcd6abc4d0_NeikiAnalytics
-
Size
1.8MB
-
Sample
240513-zyn6saec92
-
MD5
1abd0301a50c058d4b09f0dcd6abc4d0
-
SHA1
8d22b8a3efeb5ed8696647bfa3735c14bea39c89
-
SHA256
3d037b1abd74600c161c59ac2216f44eb55e14e3cf674b609db99f106e78ebe9
-
SHA512
d936543f064dd1adeb36da59857b666239078b2a31a8840ec2fc4ed5ad1dde44a4a8922e61475d6f170793b9d4171c13bb1ffd0e9e17568694c2984adca9b221
-
SSDEEP
12288:L99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSGN5A7W2FeDSIGVH/KIDgb:J1gg4CppEI6GGfWDkIQDbGV6eH81k0
Malware Config
Targets
-
-
Target
1abd0301a50c058d4b09f0dcd6abc4d0_NeikiAnalytics
-
Size
1.8MB
-
MD5
1abd0301a50c058d4b09f0dcd6abc4d0
-
SHA1
8d22b8a3efeb5ed8696647bfa3735c14bea39c89
-
SHA256
3d037b1abd74600c161c59ac2216f44eb55e14e3cf674b609db99f106e78ebe9
-
SHA512
d936543f064dd1adeb36da59857b666239078b2a31a8840ec2fc4ed5ad1dde44a4a8922e61475d6f170793b9d4171c13bb1ffd0e9e17568694c2984adca9b221
-
SSDEEP
12288:L99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSGN5A7W2FeDSIGVH/KIDgb:J1gg4CppEI6GGfWDkIQDbGV6eH81k0
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1