Extracted

• • Target

    634f090793b9102a76256bc2f57af27d.exe

  • Size

    392KB

  • MD5

    634f090793b9102a76256bc2f57af27d

  • SHA1

    7a66e6d175c747ff3423a71dfdeb525ec542f3b8

  • SHA256

    561c6e890c23970149d70017c414677c85d99d428cd96378c15f8459596957c6

  • SHA512

    1cfe55dde522062b73f33a46edcf0cf5f9b84c1d8c8b6f7f6d1bbf9739d4e6fcf435a7b1965bef390fa73c1fb5506292452c52497171b220606d7a07406466f2

  • SSDEEP

    6144:jEa0PXS18jHzrwmFPpNUAvyrXRnAPljWUAJvSbn:Ki18jHP/VvytcMpKL

  Score

  10^/10

  warzoneratinfostealerpersistencerat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2