Extracted

• • Target

    Purchase Order NO 108455X11 pdf.exe

  • Size

    596KB

  • MD5

    0abbf894de1f9b7f2c5e06f9df021877

  • SHA1

    f3ccb34fb689ef7cef609b7151ba7a6c927235b4

  • SHA256

    8d5dff62315a46f1edc209042ae342f554e20102d5e9954d720d9b2864712db9

  • SHA512

    ea6f52ba56cbf16966005c488f3e0c26ae6514e92ec7bee60fad0c33889b919b23ffcdba692820747eedfbe24d7d955148ad252fe4d32ff7483e1a21f13a2a90

  • SSDEEP

    12288:c8p3QmQeRPoYub/eWTsGhEmRrBCRkihqRBbDj507kyLL1XXMQ:c09Nc/JhfMQBLmoyLJnM

  Score

  10^/10

  warzoneratcollectioninfostealerratspywarestealer

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2