General

  • Target

    d16d91b65e8deb566fd4eaa59ce26a9563cf1a040e941bcff151422cde314729N

  • Size

    1.2MB

  • Sample

    241104-j95d5sxfla

  • MD5

    c47ae13ef8d135cf17720c996967ed00

  • SHA1

    e2989ec67e75c21e311a766fd35f4674d56b4eff

  • SHA256

    d16d91b65e8deb566fd4eaa59ce26a9563cf1a040e941bcff151422cde314729

  • SHA512

    1399fd559c6a0cefbd39db63b1ca45f8ef9ceef5b98d17f478b845e26e3213753088b92ad3f9c5af8934416bd8395e89df25b1cdfb4d425587c8de7052e3b564

  • SSDEEP

    12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11k8:OIbGD2JTu0GoZQDbGV6eH81k8

Malware Config

Targets

    • Target

      d16d91b65e8deb566fd4eaa59ce26a9563cf1a040e941bcff151422cde314729N

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • WarzoneRat, AveMaria

      WarzoneRat (also tracked as AveMaria) is a native RAT written in C++ with multiple plugins, sold as malware-as-a-service (MaaS).

    • Warzonerat family

    • Warzone RAT payload

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components of the local machine; the StubPath value of such a key is executed for each user at logon, before the shell starts.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

      Rewriting the context of a suspended thread in a freshly created process is the step that redirects execution to injected code in process hollowing, so this call alongside dropped-EXE execution is a strong injection indicator.
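
The ASPack signature above matches packer stub bytes; a cheaper first-pass check a triager can run offline is to walk the PE section table and look for the section names ASPack adds (".aspack" and ".adata"). The following is an added example, not the sandbox's own rule or any code from the sample: it parses a PE header by hand and builds a bare, constructed PE skeleton for testing, so no real binary is needed. It is a heuristic and will miss packers that rename sections.

```python
"""
Added example: section-name heuristic for ASPack-packed PE files.
The PE bytes used for testing are constructed in-line (headers and section
table only), not taken from the sample in this report.
"""
import struct

# Section names ASPack appends when it packs an image.
ASPACK_SECTIONS = {b".aspack", b".adata"}


def section_names(data: bytes):
    """Return the section names of a PE image; raise ValueError if malformed."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER starts after "PE\0\0"
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt              # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                  # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def looks_aspack_packed(data: bytes) -> bool:
    """True if any section carries an ASPack section name (heuristic only)."""
    return any(n.lower() in ASPACK_SECTIONS for n in section_names(data))


def build_pe(names):
    """Construct a minimal PE32 skeleton with the given section names (test input)."""
    e_lfanew = 0x40
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    size_opt = 0xE0                           # PE32 optional header size
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, size_opt, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(size_opt, b"\0")   # PE32 magic, rest zeroed
    secs = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + b"PE\0\0" + coff + opt + secs


if __name__ == "__main__":
    for names in ([b".text", b".aspack", b".adata"], [b".text", b".rdata", b".data"]):
        print(names, "->", looks_aspack_packed(build_pe(names)))
```

Run it against a real file with `looks_aspack_packed(open(path, "rb").read())`; treat a hit as a reason to unpack before static analysis, not as attribution on its own.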
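
Four of the signatures above (Winlogon modification, Explorer hidden-file visibility, Active Setup, Run key) are registry writes, and a detection engineer would want them as rules over endpoint telemetry rather than as sandbox labels. The block below is an added example, not code from the report or from the malware: it classifies Sysmon Event ID 13 style records (Image, TargetObject, Details) against the registry locations behind those signatures and maps each hit to its ATT&CK technique. The events are constructed for the example; the dropped-file path and the Active Setup GUID are placeholders, not values observed from this sample.

```python
"""
Added example (not from the sandbox report): triage of registry writes against
the persistence and evasion locations this report flags: Winlogon Shell/Userinit,
Active Setup StubPath, Run keys, and Explorer's hidden-file view settings.
Events mimic Sysmon Event ID 13 (RegistryEvent, value set) and are constructed
in-line; the image path and the Active Setup GUID are placeholders.
"""
import re
from dataclasses import dataclass


@dataclass
class RegEvent:
    image: str    # process that performed the write (Sysmon "Image")
    target: str   # full registry path written (Sysmon "TargetObject")
    details: str  # new value data (Sysmon "Details")


# (rule name, regex over the target path, ATT&CK technique ID)
RULES = [
    ("Winlogon Shell/Userinit modified",
     re.compile(r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit)$", re.I),
     "T1547.004"),
    ("Active Setup StubPath set",
     re.compile(r"\\Microsoft\\Active Setup\\Installed Components\\[^\\]+\\StubPath$", re.I),
     "T1547.014"),
    ("Run key added",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I),
     "T1547.001"),
    ("Explorer hidden/system file view changed",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\(Hidden|ShowSuperHidden)$", re.I),
     "T1564.001"),
]

# Stock Winlogon values; a write that merely restores these is not of interest.
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}


def classify(ev: RegEvent):
    """Return [(rule name, technique)] for every rule the event matches."""
    hits = []
    for name, pattern, technique in RULES:
        if not pattern.search(ev.target):
            continue
        if technique == "T1547.004":
            value = ev.target.rsplit("\\", 1)[1].lower()
            if ev.details.strip().lower() == WINLOGON_DEFAULTS[value]:
                continue                      # default value written back: benign
        hits.append((name, technique))
    return hits


def triage(events):
    """Flatten hits across events into (image, rule name, technique) tuples."""
    return [(ev.image, name, tech) for ev in events for name, tech in classify(ev)]


# Constructed sample: four writes matching the report's signatures, then two benign ones.
DROPPED = r"C:\Users\victim\AppData\Roaming\images.exe"   # placeholder, not observed
SAMPLE_EVENTS = [
    RegEvent(DROPPED, r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
             "explorer.exe," + DROPPED),
    RegEvent(DROPPED, r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"
             r"\{00000000-0000-0000-0000-000000000000}\StubPath", DROPPED),
    RegEvent(DROPPED, r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\images", DROPPED),
    RegEvent(DROPPED, r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",
             "DWORD (0x00000000)"),
    RegEvent(r"C:\Windows\System32\msiexec.exe",
             r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
             r"C:\Windows\system32\userinit.exe,"),
    RegEvent(r"C:\Windows\explorer.exe",
             r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\TaskbarGlomLevel",
             "DWORD (0x00000001)"),
]

if __name__ == "__main__":
    for image, name, tech in triage(SAMPLE_EVENTS):
        print(f"{tech}  {name}: {image}")
```

The Winlogon rule compares against the stock values because installers and group policy legitimately touch those keys; the other three locations are rarely written by anything other than setup programs, so a write from a binary under a user profile directory, as in the constructed events, is what to alert on.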

MITRE ATT&CK Enterprise v15

Tasks