Extracted

• • Target

    Powerpoint Orderlist.exe

  • Size

    295KB

  • MD5

    57536c9419f4fe997a27ced8e9fc7293

  • SHA1

    763a06f6a20fcbbffa168830622977890884696b

  • SHA256

    5fce1fdab1f315ee3a2d5f7584f256b13f00eff15022b3d898563ea9a6e6b949

  • SHA512

    1f72e1e7b66898649866c2a3dec06c1f0e76316a750b08c7b6923de1e8bba2b0694c3c537dd4626ebfecc24c27992f85d8c50163890fe8fad02047f380d17f9c

  • SSDEEP

    6144:aIv2xbbwJSLjdX7Erz4NqD8nVAH5I0SW1hasdjxngwlHZ1CMLIe:F4b9Az4NqD4KH5I0z1h9XnTZce

  Score

  10^/10

  warzoneratinfostealerpersistenceratupx

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence
  behavioral1behavioral2