General

  • Target

    fadbc898d87f572dae942bfc42febf2f740ab758ebfaec0e6f5ce7b24cdb5e88N.exe

  • Size

    8.9MB

  • Sample

    241219-nn88essrfk

  • MD5

    6a052e6831d9c5e6df1443b450566850

  • SHA1

    da413c51d398f49b7dde72f44693158797214c1a

  • SHA256

    fadbc898d87f572dae942bfc42febf2f740ab758ebfaec0e6f5ce7b24cdb5e88

  • SHA512

    d78a8999529598b978e2d34a5980a18f96c8d1210b70df5c797fcc96e2d2a665b04be055ed5907318c878d03da2da8e26bc1cf0a8c564e20b867e53ec1ee2135

  • SSDEEP

    49152:K1XP6rPbNechC0bNechC0bNecIC0bNechC0bNechC0bNece:K1+8e8e8f8e8e8d

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzonerat family

    • Warzone RAT payload

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
