General
Target
JOB-in.line e.K. - New Order 56899707.exe
Size
842KB
Sample
220805-kpvvmsabdm
MD5
9e8d620f00f7988a79ae5c1228f37899
SHA1
27e5c643563bfe8dbccf7e26e9669c2cdde8e767
SHA256
7907827ba244123ddc19a986203a2df7f7b9e7d984ff8efe6715372e2f431062
SHA512
39cd5593b238c32e0644448f6e1845760ce1a56f551a97217f2ea72c7ad72725564a2b568166b84712b12b5949a0146d7c355b4756e6985311e0451f5d09f2b0
Static task
static1
Behavioral task
behavioral1
Sample
JOB-in.line e.K. - New Order 56899707.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
JOB-in.line e.K. - New Order 56899707.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
warzonerat
20.91.187.223:5707
Targets
Target
JOB-in.line e.K. - New Order 56899707.exe
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext