General
-
Target
200fbe9804ac9ecfde419797c29ad2ac4066053c5e951a7ea337c03051742e97N
-
Size
8.2MB
-
Sample
241110-cln9paxckr
-
MD5
c0b73472f2548719fdc6ead7ee8f3290
-
SHA1
e7952d2bbdb317885268bfd3995829aebeb640ee
-
SHA256
200fbe9804ac9ecfde419797c29ad2ac4066053c5e951a7ea337c03051742e97
-
SHA512
48e06c178fc4c6ca3f1494cf1a329b0b98f81685ee764e5ce9784ecb8485047b6da812953ada43aa22484d709dd435678bc16bcddfea5c0f21d34d7f01ba5866
-
SSDEEP
49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecb:V8e8e8f8e8e8c
Malware Config
Targets
-
-
Target
200fbe9804ac9ecfde419797c29ad2ac4066053c5e951a7ea337c03051742e97N
-
Size
8.2MB
-
MD5
c0b73472f2548719fdc6ead7ee8f3290
-
SHA1
e7952d2bbdb317885268bfd3995829aebeb640ee
-
SHA256
200fbe9804ac9ecfde419797c29ad2ac4066053c5e951a7ea337c03051742e97
-
SHA512
48e06c178fc4c6ca3f1494cf1a329b0b98f81685ee764e5ce9784ecb8485047b6da812953ada43aa22484d709dd435678bc16bcddfea5c0f21d34d7f01ba5866
-
SSDEEP
49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecb:V8e8e8f8e8e8c
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzonerat family
-
Warzone RAT payload
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
4