Extracted

• • Target

    Scanned008907.exe.bin

  • Size

    1.0MB

  • MD5

    0b5c131ce6f6ba1e86293ac0b16317b1

  • SHA1

    10b03b58dceedfd1c99f04200d9692ef846a8030

  • SHA256

    396346640d472168f07c041e8dfb3648050e2d36f16e93416cafc2354f3a857e

  • SHA512

    729880fd1553e154b0180ef7c19f00092511ae9dac6560a5b53365ca93f6fd78ed2bd1f52968fa5b5325591214a96140948b70525b0b76bbbd9f1bfad32b62cb

  • SSDEEP

    12288:aq+gtQtCm4yiiguuR3uq+CjCk8feoFgAXuRs2AB6T8H3+H+5CA2G:VIT4i0CkO5HXB6gX+H+57B

  Score

  10^/10

  warzoneratinfostealerpersistenceratredlinestealer

  • Detects Redline Stealer samples

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2