Extracted

• • Target

    tmp

  • Size

    153KB

  • MD5

    74cf39132e2b3d825a2f6c0b9cd4ba90

  • SHA1

    df674c8c6156698be10c0285fb3bc56a2daab533

  • SHA256

    b32a1e21f9941f2e70fac915af9cea3add6f859b8ccca73cc5aadf369af3ae1c

  • SHA512

    a6794a1b3ee3a374724a25a092f855460c9fc5cba002f7b414152ca8314ecaf1ee97b1e79d2c69cf768a589367a1af22ae49cf882a24558c3bde9e7b37de8d06

  Score

  10^/10

  neshtawarzoneratinfostealerpersistenceratspywarestealer

  • Modifies system executable filetype association

    persistence

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence
  behavioral1behavioral2