General
Target: virussign.com_a76fddc8f45367cbd8c7a20c4f8ea310.vir
Size: 2.9MB
Sample: 240528-vtflmaeb54
MD5: a76fddc8f45367cbd8c7a20c4f8ea310
SHA1: 1b898f2b1148e98fbc4440f394a6cfdd8a4e48ec
SHA256: e40969d523f4ed7c34ec74ac9a24604639a94bdd2f47398b0af8f8411afc2344
SHA512: bfa1427c6305bf6904342548b74d217f459e3867b5b92555eb997310367c77679f17c05765c673832360510f817f595d2ad5950a3f0cdeb3e9c5098ecfca4ea5
SSDEEP: 24576:eTy7ASmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHM:eTy7ASmw4gxeOw46fUbNecCCFbNecD
Behavioral task: behavioral1
Sample: virussign.com_a76fddc8f45367cbd8c7a20c4f8ea310.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: virussign.com_a76fddc8f45367cbd8c7a20c4f8ea310.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: virussign.com_a76fddc8f45367cbd8c7a20c4f8ea310.vir
Score: 10/10
Modifies WinLogon for persistence
Modifies visibility of hidden/system files in Explorer
WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Modifies Installed Components in the registry
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)
Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Modify Registry (4)