General

  • Target

    e7c094ac3f00a57b6b3580f0aa040a12_JaffaCakes118

  • Size

    570KB

  • Sample

    240408-sjrj2acc37

  • MD5

    e7c094ac3f00a57b6b3580f0aa040a12

  • SHA1

    c97771270588d38f34d9be683ba626999cca34b0

  • SHA256

    cc96c0104ac78160159a6d7d30a242ba341afafa450f947237d84b984cd54b00

  • SHA512

    9a70b3d7f9cfae597c2f313bbb3acc8ea846c939d37c03a8c47c8dcaebc58d2f697bfdafae5d13098800a61587a5f0cd72c3bb87e40353eac7f1bd35e07005d3

  • SSDEEP

    12288:ljdKjpgJqYJ7EovVxk14t/pO3of7g7AtMPTAMIy2fZ/n7mo5oFCEkv:ljdKjpKVJ7Eov/Q4t/p47At57mo5oFCd

Malware Config

Extracted

Family

warzonerat

C2

185.222.57.226:3554
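
The extracted C2 socket above is the most actionable indicator in this report. The following Python script, added here as an example and not part of the sandbox output, runs detection logic over a constructed connection log: it flags flows to the C2 host, scoring an exact host-and-port match higher than a host-only match, and emits a matching Suricata rule. The log column layout and the rule's sid are assumptions, not real exports or assigned identifiers.

```python
"""Flag network connections to the C2 endpoint extracted from this sample.

Added example, not part of the sandbox report. The conn-log lines below are
constructed for illustration; the column layout (ts, uid, src_ip, src_port,
dst_ip, dst_port, proto) is an assumption and not a real Zeek export.
"""
from dataclasses import dataclass

C2_HOST = "185.222.57.226"  # extracted config, from the report above
C2_PORT = 3554              # extracted config, from the report above

# Constructed sample log: one connection per line, tab-separated.
SAMPLE_CONN_LOG = """\
1712540001.1\tCa1\t10.0.0.5\t49812\t185.222.57.226\t3554\ttcp
1712540002.3\tCa2\t10.0.0.5\t49813\t142.250.74.46\t443\ttcp
1712540003.7\tCa3\t10.0.0.9\t50111\t185.222.57.226\t443\ttcp
1712540004.2\tCa4\t10.0.0.7\t50200\t8.8.8.8\t53\tudp
"""


@dataclass
class Hit:
    uid: str
    src: str
    dst: str
    dport: int
    confidence: str  # "high": host and port match; "medium": host only


def parse_conn_log(text):
    """Parse the constructed tab-separated log into dicts; skip malformed lines."""
    records = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 7:
            continue
        ts, uid, src, sport, dst, dport, proto = fields
        records.append({"ts": float(ts), "uid": uid, "src": src, "sport": int(sport),
                        "dst": dst, "dport": int(dport), "proto": proto})
    return records


def match_c2(records, host=C2_HOST, port=C2_PORT):
    """Return Hits for flows to the C2 host. Same host on another port is still
    reported, at lower confidence: RAT operators rotate ports more often than IPs."""
    hits = []
    for r in records:
        if r["dst"] != host:
            continue
        confidence = "high" if r["dport"] == port else "medium"
        hits.append(Hit(r["uid"], r["src"], r["dst"], r["dport"], confidence))
    return hits


def suricata_rule(host=C2_HOST, port=C2_PORT, sid=1000001):
    """Emit a Suricata rule for the exact C2 socket. The sid is a placeholder in
    the local range (1000000+); assign your own."""
    return (f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"Warzone RAT C2 connection"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    for h in match_c2(parse_conn_log(SAMPLE_CONN_LOG)):
        print(h)
    print(suricata_rule())
```

Run it as-is to see two hits (one high, one medium) from the constructed log; point `parse_conn_log` at a real export after adjusting the field order. The host-only match is deliberate: a single IP/port pair is a brittle indicator, and the medium-confidence path surfaces the same infrastructure when the operator moves the listener.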

Targets

    • Target

      e7c094ac3f00a57b6b3580f0aa040a12_JaffaCakes118

    • WarzoneRat, AveMaria

      WarzoneRat (also sold as AveMaria) is a native Windows RAT written in C++, shipped with multiple plugins and sold as malware-as-a-service (MaaS).

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Warzone RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence to avoid executing in certain regions.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state, including its instruction pointer; outside a debugger it is typically used to redirect a suspended thread into injected code, as in process hollowing.
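
The SetThreadContext signature fires on an API pattern rather than a single call. The following Python script, added here as an example and not the sandbox's own detection logic, shows the pattern a detector looks for: a remote write into another process, a thread context rewrite, then a resume, in that order, with a suspended child process as a confidence booster. The API trace is constructed and its record layout (caller pid, API name, argument dict) is an assumption, not a real monitor format.

```python
"""Detect the API sequence behind a "Suspicious use of SetThreadContext" finding.

Added example, not the sandbox's own detection logic. The trace below is
constructed; its record layout (caller pid, API name, argument dict) is an
assumption, not a real monitor format.
"""
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit in CreateProcessW

# Constructed API trace. Process 1200 performs textbook hollowing of child 1300;
# process 1500 calls SetThreadContext on itself (debugger-style, not injection);
# process 1600 writes into 1700 but never redirects execution.
SAMPLE_TRACE = [
    (1200, "CreateProcessW",       {"child_pid": 1300, "flags": CREATE_SUSPENDED}),
    (1200, "NtUnmapViewOfSection", {"target_pid": 1300}),
    (1200, "VirtualAllocEx",       {"target_pid": 1300, "protect": "PAGE_EXECUTE_READWRITE"}),
    (1200, "WriteProcessMemory",   {"target_pid": 1300}),
    (1200, "SetThreadContext",     {"target_pid": 1300}),
    (1200, "ResumeThread",         {"target_pid": 1300}),
    (1500, "SetThreadContext",     {"target_pid": 1500}),
    (1600, "WriteProcessMemory",   {"target_pid": 1700}),
    (1600, "ResumeThread",         {"target_pid": 1700}),
]

# Remote write, then context rewrite, then resume: the hollowing core, in order.
HOLLOWING_SEQUENCE = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def _in_order(apis, required):
    """True if every name in `required` appears in `apis` in that relative order.
    Sharing one iterator across the `in` checks enforces the ordering."""
    it = iter(apis)
    return all(name in it for name in required)


def detect_hollowing(trace):
    """Group calls by (caller, remote target) and report pairs that complete the
    hollowing sequence. Each finding records the pids and whether the target was
    spawned suspended, which raises confidence."""
    per_pair = defaultdict(list)
    suspended_children = set()
    for pid, api, args in trace:
        if api == "CreateProcessW" and args.get("flags", 0) & CREATE_SUSPENDED:
            suspended_children.add((pid, args["child_pid"]))
        target = args.get("target_pid")
        if target is None or target == pid:
            continue  # calls on the caller's own threads are not injection
        per_pair[(pid, target)].append(api)

    findings = []
    for (pid, target), apis in per_pair.items():
        if _in_order(apis, HOLLOWING_SEQUENCE):
            findings.append({"injector": pid, "target": target,
                             "suspended_start": (pid, target) in suspended_children})
    return findings


if __name__ == "__main__":
    for f in detect_hollowing(SAMPLE_TRACE):
        print(f)
```

Only the 1200 to 1300 pair is reported: the self-targeted call from 1500 is excluded because injection requires a remote target, and 1600 never calls SetThreadContext, so its write-and-resume does not complete the sequence. Grouping by (caller, target) rather than by caller alone keeps an injector that touches several processes from being collapsed into one finding.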

MITRE ATT&CK Enterprise v15

Tasks