General
-
Target
d16d91b65e8deb566fd4eaa59ce26a9563cf1a040e941bcff151422cde314729N
-
Size
1.2MB
-
Sample
241104-j95d5sxfla
-
MD5
c47ae13ef8d135cf17720c996967ed00
-
SHA1
e2989ec67e75c21e311a766fd35f4674d56b4eff
-
SHA256
d16d91b65e8deb566fd4eaa59ce26a9563cf1a040e941bcff151422cde314729
-
SHA512
1399fd559c6a0cefbd39db63b1ca45f8ef9ceef5b98d17f478b845e26e3213753088b92ad3f9c5af8934416bd8395e89df25b1cdfb4d425587c8de7052e3b564
-
SSDEEP
12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11k8:OIbGD2JTu0GoZQDbGV6eH81k8
Behavioral task
behavioral1
Sample
d16d91b65e8deb566fd4eaa59ce26a9563cf1a040e941bcff151422cde314729N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d16d91b65e8deb566fd4eaa59ce26a9563cf1a040e941bcff151422cde314729N.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
d16d91b65e8deb566fd4eaa59ce26a9563cf1a040e941bcff151422cde314729N
-
Size
1.2MB
-
MD5
c47ae13ef8d135cf17720c996967ed00
-
SHA1
e2989ec67e75c21e311a766fd35f4674d56b4eff
-
SHA256
d16d91b65e8deb566fd4eaa59ce26a9563cf1a040e941bcff151422cde314729
-
SHA512
1399fd559c6a0cefbd39db63b1ca45f8ef9ceef5b98d17f478b845e26e3213753088b92ad3f9c5af8934416bd8395e89df25b1cdfb4d425587c8de7052e3b564
-
SSDEEP
12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11k8:OIbGD2JTu0GoZQDbGV6eH81k8
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzonerat family
-
Warzone RAT payload
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
4