Extracted

Extracted

• • Target

    dc31387edfd4f4e2731fe5b4bda83fec84880bbb2221f295c61dd0d8fed4f15c

  • Size

    1.3MB

  • MD5

    65210977fb9e154121a323b5d55cb864

  • SHA1

    99ded3a2143b15f32119b41e91221227d68aac35

  • SHA256

    dc31387edfd4f4e2731fe5b4bda83fec84880bbb2221f295c61dd0d8fed4f15c

  • SHA512

    d16e13e13463ccf42bf589e62f0002c2a19e7f017274f41ae653160a573c2519b1938a9623c48ff3e6b1341493335a971debe96828d6ae3a5d0ad502188c9fa1

  • SSDEEP

    24576:Ku6J33O0c+JY5UZ+XC0kGso6Fa720W4njUprvVcC1f2o5RRfgUWYl:8u0c++OCvkGs9Fa+rd1f26RaYl

  Score

  10^/10

  netwirewarzoneratbotnetinfostealerratstealer

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2