Extracted

• • Target

    RFQ_8372.EXE

  • Size

    268KB

  • MD5

    a90ed1f4f7f3f78305e7de97d695558b

  • SHA1

    c86ba7ddfbe6807d67a013f6a3ac9d5e794aff6b

  • SHA256

    b3f62f715739b275634201649f33800caca201a2c6c32b1f424f2e312006ead0

  • SHA512

    7eeedc19ee89791f17adc24390edbc79635a0145240d6b5e076493760886e3622929604b73db992b1093da00b4d39e252df149fd01cb6a0ef0a81dc9e863156f

  Score

  10^/10

  warzoneratinfostealerratspywarestealer

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT Payload

    rat

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2