Extracted

• • Target

    169885548537e0c943a22b1fc10ce9b82a02be3f03dc8693dc00621db229fa8b12f1a961f0427.dat-decoded.exe

  • Size

    99KB

  • MD5

    57c76226a25c44ea73d0ffd2b8258a56

  • SHA1

    6bbae2fa99497d1803728575fda78c5f789c3e7e

  • SHA256

    24c31e8d645268f9b40c348887aebe9eacf476b25c52e904ca90967a97ca0165

  • SHA512

    2db31aa877fae9fc9696840811de3fb6266a8e8e218e1107d5f63c3e50859200d3394627a5b12f493138c7f614a4c602bb9525c514aa741b4119c4d9dabaa613

  • SSDEEP

    1536:23P7aiRdDxXp2yc9q6qT+Ry0844UudNH6GLHWVE0UXD:29dZv9W844bdNvLHWVE06D

  Score

  10^/10

  warzoneratinfostealerpersistencerat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2