General
-
Target
COURIER DOCS#017984756.pdf.js
-
Size
3KB
-
Sample
221209-jr41nacf67
-
MD5
e85cacc133200eaeedf60706dc706e60
-
SHA1
ca40227bbff95399e20f54c9e98ed5c0c24fe7d6
-
SHA256
cbb75271e9737ab12522782a6510330331955d0a8b4069e97eba0ccfe6b002bf
-
SHA512
5f572a3aae304b499c12a13d2a025749fabf425aa18d1afbccc739bdd091c64a86e8a0cb8c7d81cc3a443aa4ffd00ea183b0ac34591b9b3938b67fb39164bfd5
Static task
static1
Behavioral task
behavioral1
Sample
COURIER DOCS#017984756.pdf.js
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
COURIER DOCS#017984756.pdf.js
Resource
win10v2004-20220901-en
Malware Config
Targets
Target
COURIER DOCS#017984756.pdf.js
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-