Extracted

• • Target

    EQUIPMENT.exe

  • Size

    808KB

  • MD5

    35e26976bbbfb61b9bc6509d06c89508

  • SHA1

    557ef7a66cc129182609900e6617d5423c56c79a

  • SHA256

    ef55e915dc177bdeb501a8bdedda5801bb4592cbf3bb4eac22962b2c9631272c

  • SHA512

    69555881f633e75c3c2fd1b63badf26cac4d9ff4093604e56c8a77c93c1a8ce5be5018131d7bdda90155807c6c17d14366c6663a3bf0817f24d763ca20582bd8

  • SSDEEP

    24576:7hbPwwyWW0poTbNHsQH5vHT/u17SevV3:XR3cb9JHBzgr

  Score

  10^/10

  warzoneratinfostealerrat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2