General

  • Target

    7df71d7ecd992029e590de44f5caac2fc85718693deebf4c1cad5b63251e9e5eN

  • Size

    2.9MB

  • Sample

    241022-z4sq6avaqg

  • MD5

    32fce7d7e89b53c2be9df359fd01f510

  • SHA1

    0040a90b154b9a9c0065dac9b18a273abe63d8da

  • SHA256

    7df71d7ecd992029e590de44f5caac2fc85718693deebf4c1cad5b63251e9e5e

  • SHA512

    dc651d97e8b2aca64a1328320e5c5bb14e473fa2e15e28b9cd85e359e799c64ef47e9137f71b4094ae6a25b736e9ccc1ec3ea3acfd61fc1d69927ca200676450

  • SSDEEP

    24576:ATU7AAmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHH:ATU7AAmw4gxeOw46fUbNecCCFbNecY

Malware Config

Targets

    • Target

      7df71d7ecd992029e590de44f5caac2fc85718693deebf4c1cad5b63251e9e5eN

    • Size

      2.9MB

    • MD5

      32fce7d7e89b53c2be9df359fd01f510

    • SHA1

      0040a90b154b9a9c0065dac9b18a273abe63d8da

    • SHA256

      7df71d7ecd992029e590de44f5caac2fc85718693deebf4c1cad5b63251e9e5e

    • SHA512

      dc651d97e8b2aca64a1328320e5c5bb14e473fa2e15e28b9cd85e359e799c64ef47e9137f71b4094ae6a25b736e9ccc1ec3ea3acfd61fc1d69927ca200676450

    • SSDEEP

      24576:ATU7AAmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHH:ATU7AAmw4gxeOw46fUbNecCCFbNecY

    • Modifies WinLogon for persistence

    • Modifies visiblity of hidden/system files in Explorer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks