Extracted

• • Target

    61a4c77bc0861ec1b5b6fb5acf4d0d56.exe

  • Size

    113KB

  • MD5

    61a4c77bc0861ec1b5b6fb5acf4d0d56

  • SHA1

    ac2f82bc5bd131594e225f484e5f005163201070

  • SHA256

    35da24f2eaaf244a17ad7e8693f679ec31ce04b09b001ca0389c2da94dcea73c

  • SHA512

    366937cec20aa5d560459d12c3374f2e1846933b42329393de0e5b3c97dd1f020c6fc05db375644f6610415fefb5d417669bae3c8eb057a1363a50f98e906daf

  • SSDEEP

    1536:h0jP7/L1B5rVmN8sxHv2M28ix8EUaJxW4KB4u0OVE01:K1VmhaH8EFvWH0OVE0

  Score

  10^/10

  warzoneratcollectioninfostealerpersistenceratspywarestealer

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence
  behavioral1behavioral2