General
Target: fb3e83187d18858e3b8a2227271733d87279655bc146b0079f4a830d6d957981.zip
Size: 274KB
Sample: 250327-yyz3lsxvhy
MD5: 7417c0350e78af9831c0c8309994d1f8
SHA1: e99aa950e7a6754d91bf300c13fa3a52f0915c98
SHA256: fb3e83187d18858e3b8a2227271733d87279655bc146b0079f4a830d6d957981
SHA512: 03258f7ca3bc0b2dd50c5af1d61138532828e7abce8f05fdef17e5e8809cf072b9cdb8b0fcc3bdb92c4ab558a68561a30aea761640d761c5c438ce082abf13ef
SSDEEP: 6144:bDUcqg95jZE/65qIe0QEWeOjA3jjw0e9gj6a0wmgvXWiqda:3UcqkjIGqPChO8TjFrjLyiqo
Static task: static1
Behavioral task: behavioral1
Sample: b1b3a3b2ff01c33585d2fa3eadd78741af5b421e7463450e348401be175f0a31.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: b1b3a3b2ff01c33585d2fa3eadd78741af5b421e7463450e348401be175f0a31.exe
Resource: win10v2004-20250314-en
Malware Config
Targets
Target: b1b3a3b2ff01c33585d2fa3eadd78741af5b421e7463450e348401be175f0a31.exe
Size: 312KB
MD5: 2496c32182f058193c695bf5a21d6ced
SHA1: 8c4cd680dcfcd6a798d035351c26217098b5f9fd
SHA256: b1b3a3b2ff01c33585d2fa3eadd78741af5b421e7463450e348401be175f0a31
SHA512: 098f5866a222a71239886afcbcfa092d69bc04bfd33eb0a55d8a64b574dbb7296fcfae61d680285bb19b5f16a29b7c0efe99496658e2cde7937ec8822e5c49a0
SSDEEP: 6144:Kp5mfHHx9QFeYj/jzT+Nbbeoq2aIcEo/hLrBRfQ+8sCVKZubm8J9R7x6uQoErG:OqnxqEYj/fkaoq2aIcEwhL9Rr8sCVGG3
Score: 10/10
- Modifies WinLogon for persistence
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzonerat family
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)