General
-
Target
7f0345c8a54165169260bcf0f8696f7da61524ee76d7bf696f6aa5a148701360
-
Size
8.2MB
-
Sample
241204-acqp2swrcl
-
MD5
d9d4f8a0696f68e1c76a76b495e97f4d
-
SHA1
68d2973f82d6ef3638c277b6ad3b38a119426a4d
-
SHA256
7f0345c8a54165169260bcf0f8696f7da61524ee76d7bf696f6aa5a148701360
-
SHA512
e94f2036160a2ed35ede6a8bc5ca379ca171392f4f59594fbc811736988eea4793d328c8f05904bf7b926a1b63fd33205cb004a90cd283087fa07df447877d6d
-
SSDEEP
49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNeca:V8e8e8f8e8e8n
Malware Config
Targets
-
-
Target
7f0345c8a54165169260bcf0f8696f7da61524ee76d7bf696f6aa5a148701360
-
Size
8.2MB
-
MD5
d9d4f8a0696f68e1c76a76b495e97f4d
-
SHA1
68d2973f82d6ef3638c277b6ad3b38a119426a4d
-
SHA256
7f0345c8a54165169260bcf0f8696f7da61524ee76d7bf696f6aa5a148701360
-
SHA512
e94f2036160a2ed35ede6a8bc5ca379ca171392f4f59594fbc811736988eea4793d328c8f05904bf7b926a1b63fd33205cb004a90cd283087fa07df447877d6d
-
SSDEEP
49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNeca:V8e8e8f8e8e8n
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzonerat family
-
Warzone RAT payload
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
4