Extracted

• • Target

    0923b96551a00cf7c004115637a4e0eb9d80ea8c6ab80c6515b3f3ca28bd5eb4.doc

  • Size

    3KB

  • MD5

    08e4197b0f47a59e1061a1c30c445daa

  • SHA1

    a3c5eb519045be882bcc057f4df655789f542ee8

  • SHA256

    0923b96551a00cf7c004115637a4e0eb9d80ea8c6ab80c6515b3f3ca28bd5eb4

  • SHA512

    5b7a923f6cc6f1baddb728dce653b5af353cc1a2544348fd857b0ede029470307597e39a151460a79e4bd3963b8438ae55531dbb2d2f26fc55483c9c8ce8f336

  Score

  10^/10

  warzoneratinfostealerrat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2