General
-
Target
WarZOne.exe
-
Size
4.0MB
-
Sample
220321-pc6htscbfq
-
MD5
bd217c997f860e6c95e4df1204e8b6f2
-
SHA1
67d432c7611e1a657c39647b82afb9d7d93c7a71
-
SHA256
cde7e237d3724ede32827c724793cd1e44f041b020a49a5188df9f0f0a92a722
-
SHA512
a3dc42940c09b8b14ef75d70ba8ca2f75bc594dc28006eed223e68cbffb6f775bff5c82bc48e3e0af583de38d8214403273cf8552ea66f6ff2b62c622ee5a985
Static task
static1
Behavioral task
behavioral1
Sample
WarZOne.exe
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
WarZOne.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
WarZOne.exe
-
Size
4.0MB
-
MD5
bd217c997f860e6c95e4df1204e8b6f2
-
SHA1
67d432c7611e1a657c39647b82afb9d7d93c7a71
-
SHA256
cde7e237d3724ede32827c724793cd1e44f041b020a49a5188df9f0f0a92a722
-
SHA512
a3dc42940c09b8b14ef75d70ba8ca2f75bc594dc28006eed223e68cbffb6f775bff5c82bc48e3e0af583de38d8214403273cf8552ea66f6ff2b62c622ee5a985
Score8/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-