General

  • Target

    WarZOne.exe

  • Size

    4.0MB

  • Sample

    220321-pc6htscbfq

  • MD5

    bd217c997f860e6c95e4df1204e8b6f2

  • SHA1

    67d432c7611e1a657c39647b82afb9d7d93c7a71

  • SHA256

    cde7e237d3724ede32827c724793cd1e44f041b020a49a5188df9f0f0a92a722

  • SHA512

    a3dc42940c09b8b14ef75d70ba8ca2f75bc594dc28006eed223e68cbffb6f775bff5c82bc48e3e0af583de38d8214403273cf8552ea66f6ff2b62c622ee5a985

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                  Technique                      Count  ID
  Execution               Scheduled Task                 1      T1053
  Persistence             Scheduled Task                 1      T1053
  Privilege Escalation    Scheduled Task                 1      T1053
  Discovery               Query Registry                 1      T1012
  Discovery               System Information Discovery   2      T1082

Tasks