Extracted

• • Target

    08771e45538f2faa1cc9b890f5dbea6ed4ccf1f0a2a7524029f2845ecc99b712

  • Size

    1.8MB

  • MD5

    31431004556597a633f858c122c85b60

  • SHA1

    fea5847bb6a5daae2688e349c827e30c51b4485f

  • SHA256

    08771e45538f2faa1cc9b890f5dbea6ed4ccf1f0a2a7524029f2845ecc99b712

  • SHA512

    7ea9edb6586a04f95de3522bd6a9aac661a04bfdd66af9c5d76fc38c5412deee8053db2e3906bfebbcae3d80141aee263bc73ac12de13f1f1f3df8f72241c8bd

  Score

  10^/10

  hiveratwarzoneratinfostealerratstealer

  • HiveRAT

    HiveRAT is an improved version of FirebirdRAT with various capabilities.

    ratstealerhiverat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • HiveRAT Payload

  • Warzone RAT Payload

    rat

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2