Extracted

• • Target

    1715671566ff29b1c279c8e66099d383a7e1b960729a091c6d4225ded86182badee2c75ba9889.dat-decoded.exe

  • Size

    98KB

  • MD5

    c3b94b58df683ce5d5ff33f2846dd18f

  • SHA1

    28c044b0e1cee740f146a0c435d0b5f5183355f2

  • SHA256

    d677958e05d8e8a3424225fd62da4a68c9401aa13658ecb9d6dbff18372aca85

  • SHA512

    c568063157bf4be197e6fe01780ef090a63f958a8fb2caf51c38ac6c64084de789b4b8471a99d9b85ca9bcbb754c50a412a7a125929c1127cd305bf783164c91

  • SSDEEP

    1536:5Csejmb+6BQyusX1UjtA0uWRf/eloc/9T1jVEypm:AtD6jSm0uWRfCogTjVEG

  Score

  10^/10

  warzoneratcollectioninfostealerpersistenceratspywarestealer

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence
  behavioral1behavioral2