Overview

overview

10

Static

static

10

ed21d31587...f1.exe

windows7-x64

10

ed21d31587...f1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ed21d31587e525fae86ae20b40d5765c89cb08d41dfeb7f4955a1844f84f1cf1

  • Size

    1.8MB

  • Sample

    250225-hwfyysvqt2

  • MD5

    8c6542f548cf39c8698e2ca668e304b5

  • SHA1

    c8440abfab9c0000cc8091733df1d800cdb2c8fc

  • SHA256

    ed21d31587e525fae86ae20b40d5765c89cb08d41dfeb7f4955a1844f84f1cf1

  • SHA512

    84d5057e913ac55890b92c38e8d6acc2e5d25592e8ce200a7784e97819a0832a519fcb0380905780426e28ff10b2f643c9c4407bfff49075c8a3e205b002be4f

  • SSDEEP

    12288:p99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSGN/A7W2FeDSIGVH/KIDga:r1gg4CppEI6GGfWDkCQDbGV6eH81kZ

Score
10/10
warzoneratdefense_evasiondiscoveryinfostealerpersistencerat

Malware Config

Targets

    • Target

      ed21d31587e525fae86ae20b40d5765c89cb08d41dfeb7f4955a1844f84f1cf1

    • Size

      1.8MB

    • MD5

      8c6542f548cf39c8698e2ca668e304b5

    • SHA1

      c8440abfab9c0000cc8091733df1d800cdb2c8fc

    • SHA256

      ed21d31587e525fae86ae20b40d5765c89cb08d41dfeb7f4955a1844f84f1cf1

    • SHA512

      84d5057e913ac55890b92c38e8d6acc2e5d25592e8ce200a7784e97819a0832a519fcb0380905780426e28ff10b2f643c9c4407bfff49075c8a3e205b002be4f

    • SSDEEP

      12288:p99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSGN/A7W2FeDSIGVH/KIDga:r1gg4CppEI6GGfWDkCQDbGV6eH81kZ

    Score
    10/10
    warzoneratdefense_evasiondiscoveryinfostealerpersistencerat

    • Modifies WinLogon for persistence

      persistence

    • Modifies visiblity of hidden/system files in Explorer

      defense_evasion

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzonerat family

      warzonerat

    • Warzone RAT payload

      rat

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks