Extracted

• • Target

    P0662546435233435.exe

  • Size

    622KB

  • MD5

    9ad44d71d4ab6e898a2ed0915d1c03df

  • SHA1

    7fec6b39965507f9f62a7be5b70aae08a05c971a

  • SHA256

    d124be625e41349156ecf510e8af4bf2b7e83e797650b7c60f25fd6914e84365

  • SHA512

    e2ab7efe6b35358f576abed698f30870f4326883513639159d2a29760885ae3dde6db1e6a1095dd0cf09d233e00f8fe335f6106bc0d78e82bd849fcf41a9689e

  • SSDEEP

    12288:kc0douHH1J+0j/UhdMYFZE77k2D2C6cyFdt9zMCFogTDEne1WDL:kOu17/UdhmZyFD9hFdTDEe1yL

  Score

  10^/10

  warzoneratcollectioninfostealerratspywarestealer

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2