General

  • Target

    SecuriteInfo.com.Trojan.Packed2.44634.17765.24538.exe

  • Size

    1.0MB

  • Sample

    221122-jbtjzshd4v

  • MD5

    f04166afa495da9508533f79298a1305

  • SHA1

    40bdae12a79f798154d33f2d20b8f48181fb6bd3

  • SHA256

    f6f0e997dfa84a4d496db847f2f1f60b1d909957da2b861ca22d4d199571be73

  • SHA512

    33ab08f4155deb076744cdcf11f678cf29386c25fe9ff158e264ffef341dbf49bb736ccdc1a8e372459c99176cfba569cb8fb028146e0f637124ffca74733c94

  • SSDEEP

    24576:MM+L74mBfNUstzovQx/04QshUR6gobjTsOm6zNXd23r8JN:e/04mBoLsObzNXkI

Malware Config

Extracted

Family

warzonerat

C2

45.61.175.241:934

Targets

    • Target

      SecuriteInfo.com.Trojan.Packed2.44634.17765.24538.exe

    • Size

      1.0MB

    • MD5

      f04166afa495da9508533f79298a1305

    • SHA1

      40bdae12a79f798154d33f2d20b8f48181fb6bd3

    • SHA256

      f6f0e997dfa84a4d496db847f2f1f60b1d909957da2b861ca22d4d199571be73

    • SHA512

      33ab08f4155deb076744cdcf11f678cf29386c25fe9ff158e264ffef341dbf49bb736ccdc1a8e372459c99176cfba569cb8fb028146e0f637124ffca74733c94

    • SSDEEP

      24576:MM+L74mBfNUstzovQx/04QshUR6gobjTsOm6zNXd23r8JN:e/04mBoLsObzNXkI

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar data.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks