Extracted

• • Target

    mac.exe

  • Size

    488KB

  • MD5

    d17f096da9df5fd709724e7c3b40abd9

  • SHA1

    7caf8c68a6d9a9b8fd5f53d49a8ac4721ee841eb

  • SHA256

    c9f4f2be380162c81b4ebe85adf10628a9dbdd318508b3236be41ed3f9dbc615

  • SHA512

    ba169bb4af95b299e4720eef9406d7dd5f818b9c99ee5d9fa120db90d2e866ca99f80cdf0a47ab1781efe24ad3186c6e8b8c1887a357178f4a94535f0de39d78

  • SSDEEP

    6144:MEa0mVYOrW44rarv+po4zbkFrYhpV7z0DUoqWCxHMyOxZvdO/D6sifs7O+j3DLg3:IJgpVwFUhpV73kCxsyOxZEbhh3PId

  Score

  10^/10

  warzoneratinfostealerpersistencerat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2