Extracted

• • Target

    1ed1a3c75c699312d7ecffaf02f7cfb8

  • Size

    45KB

  • MD5

    1ed1a3c75c699312d7ecffaf02f7cfb8

  • SHA1

    a025c19c044dc0c8d67653de67db501ab6b1f843

  • SHA256

    685d3ec37bf67fece0e5e5ff4fafb0087e5d24d2a1371180c8f3294cbf9482a8

  • SHA512

    efda258625acfa980497ea9fb45c6075b1c6cf4b439a5475f3381b5ffed9d92a9a453f1f8538fe7372765eb97b4b97e17627086f777a6ff0ed754cd7d826af02

  • SSDEEP

    768:1wAbZSibMX9gRWjnyjEPuzwQPFAUcpmADU:1wAlRGyjEWESFAUcpmADU

  Score

  10^/10

  warzoneratinfostealerpersistencerat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2