General

  • Target

    229a56c0408f3e287115e252eb16dea4ec9e1e86b4b8947e9c6d7e9767140735

  • Size

    1.8MB

  • Sample

    240528-x7j73sha9s

  • MD5

    5f5cb143a33ea80ac5c3d6814ec05a54

  • SHA1

    2c685ec56c10a4150368c3ea89e6b68082ff2b64

  • SHA256

    229a56c0408f3e287115e252eb16dea4ec9e1e86b4b8947e9c6d7e9767140735

  • SHA512

    a471460ace186af9f166e6e6a53bfbb1aadc10c2b3d1d7fc28d234a7f03f862c6a8ac2075e32ba806ef6d9f788164a37f090007c29fa8f773e33fff88aec6717

  • SSDEEP

    12288:L99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSGN5A7W2FeDSIGVH/KIDgH:J1gg4CppEI6GGfWDkIQDbGV6eH81k+

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Detects executables packed with ASPack

    • Warzone RAT payload

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks