Extracted

• • Target

    file.exe

  • Size

    375KB

  • MD5

    b39590e4dfa1e1cd65137ea39516f2ab

  • SHA1

    5288b6d596ee722f91d433de71a34951834034a2

  • SHA256

    04358cf18a40cd84d8228374ba2909c7bddff434c1fa8aa9f90340a8ca8ed677

  • SHA512

    deedbf0a960fdce33771971a388a31a02b60bc7d1537d55b6fd02ebfc1ba687ff3346cd68460d80b2b534c053677ffb33fdaa57d21a84e52f717ed112e28842a

  • SSDEEP

    6144:9Ea0HdHIKAkhemyJ+NUIusCYwzCziHlLWtDdDVtAt7ASDcWejvXwh+Le/yBHmHA0:kUkbNDusniFithD08SDcXjvSke/y/un

  Score

  10^/10

  warzoneratinfostealerpersistencerat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2