Extracted

• • Target

    New Order.exe

  • Size

    182KB

  • MD5

    87f1fa2cbb6d89478f3410e4275ee136

  • SHA1

    eadfde48ac259605190da64fb577314e744f7e40

  • SHA256

    aea7a35212e49f49012cdfffd1439eb1ad9e6e761345b17ebcfbc5a8dd9dd7a5

  • SHA512

    81b865a594be3f7141ba78fa93c743dfbd43e99dada8bf87cfdda2c0783ec1ba258599bc9335ba698281624cfcfe4be0bec4935de6809b88d25e34284c9a2f75

  • SSDEEP

    3072:WYJSq+ytGIon9KcHJnmZ6Fl2SfwM5p/jSalX5/8vJ+ztxoudG54QMwkloHYp4iqx:TEa0+Wz55hSvJFD54n3vKiCv7B

  Score

  10^/10

  warzoneratinfostealerpersistencerat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2