General

  • Target

    8bd0e8081ba615b62548e3c086749fb2d2fc55f49a3bd0797f40ea755b7eec55

  • Size

    8.2MB

  • Sample

    241218-bvhmtswpfy

  • MD5

    8a1754d1f5ef9b37e27a5106d310007f

  • SHA1

    bfd7c126ec029446ca1ea03456d9e413222d8fcc

  • SHA256

    8bd0e8081ba615b62548e3c086749fb2d2fc55f49a3bd0797f40ea755b7eec55

  • SHA512

    97de0000bd8f94bd92596b8aeeff50beb5a58fd38593274cdebe249852735a0374500bc3f72a2aa31a82d5db07bdbfd49887b1eb44a589712e6a824f7a0db1d7

  • SSDEEP

    49152:7C0bNechC0bNechC0bNecIC0bNechC0bNechC0bNecS:V8e8e8f8e8e8f

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzonerat family

    • Warzone RAT payload

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
