General
Target: AWB_20220614.js
Size: 491KB
Sample: 220615-m7vzgaggg4
MD5: 6610d7103150befc1c105bc1761f8400
SHA1: 6cc6d390e077a43752b3aa329bd4c1c1ae6e6325
SHA256: c17a47ba600580e0d2229b4c8e12e6063a2c20792fcf0ff256fb85040a6d0799
SHA512: ebd3906b2a1bfda395133326877a1cf1d0a4a1f7483de751d96e621f266e3b50aaadc6a8a6d51c7cec7c7e019e2299500d29b18e2d4f7e875317c79f275187e2
Static task: static1
Behavioral task: behavioral1
Sample: AWB_20220614.js
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: AWB_20220614.js
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: AWB_20220614.js
WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Blocklisted process makes network request
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application