Extracted

• • Target

    31746508b5cda8badec446cbb60b356e.exe

  • Size

    113KB

  • MD5

    31746508b5cda8badec446cbb60b356e

  • SHA1

    6b580b84b6170265e9d52439d2c5384a762e65fe

  • SHA256

    c2737f26a23c6d9dcdd21f052f85414c3a2b92455df9173c7a9874a52f438233

  • SHA512

    9a7156e5dd819f486b34601c0be9d30c251cc04cb28d6751e9dc35fa691efff8884972edc08712bb888934bb38a8a1c380d7dc05ec10502adda995ea4d74711e

  • SSDEEP

    1536:h0jP7/L1B5rVmN8sxHv2M28ix8EUaJxWhPmB4u0OVE01W:K1VmhaH8EFvWY0OVE0g

  Score

  10^/10

  warzoneratcollectioninfostealerpersistenceratspywarestealer

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Sets DLL path for service in the registry

    persistence

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Modifies WinLogon

    persistence

  • Drops file in System32 directory

  behavioral1behavioral2