General
-
Target
6763ec95c65a395178b18c9ad2be0d03abe3014e1800044c718977c27852fe4d
-
Size
2.9MB
-
Sample
240610-qaxzcaxbjp
-
MD5
19edaea823ed4d04f7cf1f90df737b3d
-
SHA1
244829d004dfbb6b8b5842c2be2cb9d982bf6a9e
-
SHA256
6763ec95c65a395178b18c9ad2be0d03abe3014e1800044c718977c27852fe4d
-
SHA512
4f650cc40df792547b126a0ecfeb4af273e14f94b651ea3e52a5fc9f94382b638fc63aaa163c52f5ed976b55937e7188e02af697abe36ef9b92be55ad0e11da9
-
SSDEEP
24576:ATU7AAmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHM:ATU7AAmw4gxeOw46fUbNecCCFbNecp
Malware Config
Targets
-
-
Target
6763ec95c65a395178b18c9ad2be0d03abe3014e1800044c718977c27852fe4d
-
Size
2.9MB
-
MD5
19edaea823ed4d04f7cf1f90df737b3d
-
SHA1
244829d004dfbb6b8b5842c2be2cb9d982bf6a9e
-
SHA256
6763ec95c65a395178b18c9ad2be0d03abe3014e1800044c718977c27852fe4d
-
SHA512
4f650cc40df792547b126a0ecfeb4af273e14f94b651ea3e52a5fc9f94382b638fc63aaa163c52f5ed976b55937e7188e02af697abe36ef9b92be55ad0e11da9
-
SSDEEP
24576:ATU7AAmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHM:ATU7AAmw4gxeOw46fUbNecCCFbNecp
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Detects executables packed with ASPack
-
UPX dump on OEP (original entry point)
-
Warzone RAT payload
-
Modifies Installed Components in the registry
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1