Extracted

• • Target

    Symptomaticshon5.exe

  • Size

    108KB

  • MD5

    09b6c8f169567f8557b2d96d9f6d3644

  • SHA1

    f37977654300daf97df6eea1235bac7ac706cc11

  • SHA256

    b6c1e3eff87deab0b2b41040d22f74c3d824bffbd161f7248f51f3640ac7b590

  • SHA512

    478839f9f93a4abb2d0e8e1c62f58c07839780631f1cdd8b288493967cdecf6e354603ad784f92e8b82425cb4868accdabb37f78cc6ea47d89ac5c1090fce5fa

  Score

  10^/10

  warzoneratinfostealerpersistencerat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT Payload

    rat

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2