Extracted

• • Target

    ST120ST1100 (ST).doc.exe

  • Size

    886KB

  • MD5

    0969f4734166d4213b402bd43ccb68a1

  • SHA1

    2b6f818c885749489f281ef83aeb88fee0f4851c

  • SHA256

    bf876c98490e467664b991ca81b9d5159cf3360d8c89909b0d07acd96aa5d635

  • SHA512

    e5f1434b85b36543228f174e20febc9a93aa1ea3d8b7df012483fdf45ad00756d1a3ce71c61ab572b0d3829f5b38329d5cce7d976f6cafecf360f993100f72e6

  • SSDEEP

    24576:HsE7jeXykYKmbAsXCjKK4qSUfCom6CX2Z:gyk8JXOKKfhNm6Cm

  Score

  10^/10

  warzoneratcollectioninfostealerratspywarestealer

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2