Extracted

Extracted

• • Target

    1b127532e6eaafd577d38dbdb25c6353b8cc2f0365d45760a7bdd7c88b525a2b

  • Size

    1.4MB

  • MD5

    8669227c37805699782a7a55c287a76d

  • SHA1

    26e660de75496afde9244b4fdbefd7d931bcab04

  • SHA256

    1b127532e6eaafd577d38dbdb25c6353b8cc2f0365d45760a7bdd7c88b525a2b

  • SHA512

    d1efb126e140ecd7ae3d1d2d59014a5ee48b075806cd67f22c5e3ce9a905110dc17370e1ba7783738c99b9e30e23b03c84839926160424ead8b3cca1a5eefa9c

  • SSDEEP

    24576:ru6J3xO0c+JY5UZ+XCHkGso6Fa720W4njUprvVcC1f2o5RRfgdWYL:Fo0c++OCokGs9Fa+rd1f26RNYL

  Score

  10^/10

  netwirewarzoneratbotnetinfostealerratstealer

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2