Extracted

• • Target

    RFQ #3654576_QUOTE_JUNG-GONG-Specification^^^^PDF.scr.exe

  • Size

    1.5MB

  • MD5

    3def39843310785d5647a654bfc3d318

  • SHA1

    bbe6cc1f8cd6a9a5a2f145ac60a06f08599325e6

  • SHA256

    ae91393b850f103349a6832dbf36e3027882e4bbcf6f45bedabf52f8061c3a9d

  • SHA512

    9730bf89e2b7b9ef8b9cb168374021c9e4fadd84ee1ab13f8830e455f1a000ad9e13021781a3d787057df069201e5e32564e355180213f60257db6848498e303

  • SSDEEP

    24576:utw3MnZxfyIeshcedH00ccfCSC6mdTVcpMTvV8UISlU0FISfYLLIu25cPK:IwMnPyILh9JcFjUk0BMdfVwK

  Score

  10^/10

  warzoneratcollectioninfostealerpersistenceratspywarestealer

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2