Extracted

• • Target

    bc7a00a440550e0b93368e5d1524e9b5a46177f26518803d85268d9d7a1cca8a.exe

  • Size

    870KB

  • MD5

    0c74bc9529b8d9f96fc7e1b47559abd1

  • SHA1

    232bb8f072131d66e317b1f8acb1371e999447cb

  • SHA256

    bc7a00a440550e0b93368e5d1524e9b5a46177f26518803d85268d9d7a1cca8a

  • SHA512

    0ceb0b9eb1923c748b5d30281a023a0fcb407f68e8e9b3d63b289ea96770215ebd7801bd5744beba234319bef2494bfc211b1cab5bd9ac65a34fa36a6f9d54eb

  • SSDEEP

    24576:B44dBZcMzXROOhbXxHZCnkgDAN1jtyhfz87brh8:zdBZNzXROUtHZKu1+fz87h

  Score

  10^/10

  warzoneratinfostealerrat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2