Extracted

• • Target

    SecuriteInfo.com.IL.Trojan.MSILZilla.22184.14819.7977

  • Size

    888KB

  • MD5

    1bcd34738e63d6e4c67d56a5ab8d3cd0

  • SHA1

    8c8ee03272b9ec906ec060b39dd1b2ac0e820323

  • SHA256

    20f1a52cdcc9248da403d92ef63b76463276fbe27ef0cb8f7a5d862c325b1b5e

  • SHA512

    a095f1e9de182c0b6c01d6e7de354074b7df236dfe7ec568456b82252a675a3fe7e8a948e8c2b155b70a29f1a86b4e598ba8b2df83ed300345f0918c9b3b90c1

  Score

  10^/10

  warzoneratinfostealerrat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2