Extracted

• • Target

    Purchase Order No. W2201091.exe

  • Size

    394KB

  • MD5

    7bd1be0230d05485cf9999ea0373417b

  • SHA1

    a1945c82e3513dd9e1ac3f337a262a8cbf9e6957

  • SHA256

    9f7d82aeddf916d2afbdee07a61a080d9dced51adc79851930de708318bea5ca

  • SHA512

    4a7d164a9810125d4e1ebeaa3f89a8fb172cd6021c5fcc3fa1c1b21b7a8ca4321c297ecf29a4dd25d06196e0bed38a279cba2d9b135e9e36db2c1a82461f26b6

  • SSDEEP

    12288:K04sGNn/lBij2l0/eGRYpyuD8Iy/Je/XCGb32Udv72ikJSurBlWAKdagiEZIxZni:K04sGNn/lBij2l0/eGRYpyuD8Iy/Je/l

  Score

  10^/10

  warzoneratinfostealerpersistencerat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2