General
-
Target
542b8bf660fe5beb72db63f56bce5f9f12d47d5aae086da1421830f0cc9220a5
-
Size
8.9MB
-
Sample
241123-2f2ehawnhr
-
MD5
b2110d7e99ac22547b8b83c4fb3b0c3a
-
SHA1
33f621610c56e3e521ff2440b2c1a3830b605302
-
SHA256
542b8bf660fe5beb72db63f56bce5f9f12d47d5aae086da1421830f0cc9220a5
-
SHA512
20a8b1cf33a67a77917a01fe0f96a42c5ba447d787ea11e1db6cf1e8cce9c187518da7cdf1fcc5c86e3073e1a85d1218c58c35a78b2e57140b4d496c356d86bc
-
SSDEEP
49152:K1XP6rPbNechC0bNechC0bNecIC0bNechC0bNechC0bNecT:K1+8e8e8f8e8e8G
Behavioral task
behavioral1
Sample
542b8bf660fe5beb72db63f56bce5f9f12d47d5aae086da1421830f0cc9220a5.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
542b8bf660fe5beb72db63f56bce5f9f12d47d5aae086da1421830f0cc9220a5.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
542b8bf660fe5beb72db63f56bce5f9f12d47d5aae086da1421830f0cc9220a5
-
Size
8.9MB
-
MD5
b2110d7e99ac22547b8b83c4fb3b0c3a
-
SHA1
33f621610c56e3e521ff2440b2c1a3830b605302
-
SHA256
542b8bf660fe5beb72db63f56bce5f9f12d47d5aae086da1421830f0cc9220a5
-
SHA512
20a8b1cf33a67a77917a01fe0f96a42c5ba447d787ea11e1db6cf1e8cce9c187518da7cdf1fcc5c86e3073e1a85d1218c58c35a78b2e57140b4d496c356d86bc
-
SSDEEP
49152:K1XP6rPbNechC0bNechC0bNecIC0bNechC0bNechC0bNecT:K1+8e8e8f8e8e8G
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzonerat family
-
Warzone RAT payload
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
4