General
-
Target
Order Inquiry.js
-
Size
1KB
-
Sample
221207-n3gfyshb81
-
MD5
dc2cdd20b10786d549cd916aef81df12
-
SHA1
77fdd5fb3800368cb15b5f9550976b180ecac44c
-
SHA256
1e5de62fab4bde7729d21701f8651e84f0690a8401bf1190b9aea53a7749cdde
-
SHA512
c4f4a7a36709b638bbef0e0415a9c3c6fb8d814c8fbdc63c67f56e70668db02421cfb725d39a5ef3add74da45022b313fc97e40b14625ab7ed755483e8b41205
Static task
static1
Behavioral task
behavioral1
Sample
Order Inquiry.js
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
Order Inquiry.js
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
Order Inquiry.js
-
Size
1KB
-
MD5
dc2cdd20b10786d549cd916aef81df12
-
SHA1
77fdd5fb3800368cb15b5f9550976b180ecac44c
-
SHA256
1e5de62fab4bde7729d21701f8651e84f0690a8401bf1190b9aea53a7749cdde
-
SHA512
c4f4a7a36709b638bbef0e0415a9c3c6fb8d814c8fbdc63c67f56e70668db02421cfb725d39a5ef3add74da45022b313fc97e40b14625ab7ed755483e8b41205
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets DLL path for service in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-