Extracted

Extracted

• • Target

    9c2fb4612f7c645b6a24eea0bb82cb64f24a574024f8460b2eefc33c12d68065

  • Size

    1.3MB

  • MD5

    c9741b64f49737fc5df87c07b75694ac

  • SHA1

    15168f4361b3de61becd181e55521439287af7aa

  • SHA256

    9c2fb4612f7c645b6a24eea0bb82cb64f24a574024f8460b2eefc33c12d68065

  • SHA512

    8306896470ed4e09b9776ba89760ff488b9bab3cdc0c1745a044806a9c1ef6598d6c4d17b103b1b3b252dc938dd8fd670d547d4d7967f326372690cf371cebc6

  • SSDEEP

    24576:Ku6J33O0c+JY5UZ+XC0kGso6Fa720W4njUprvVcC1f2o5RRfgUWYD:8u0c++OCvkGs9Fa+rd1f26RaYD

  Score

  10^/10

  netwirewarzoneratbotnetinfostealerratstealer

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2