Extracted

Extracted

• • Target

    rbxfpsunlocker.exe

  • Size

    605KB

  • MD5

    09d083f0e2c1e8a3561209902333ad8f

  • SHA1

    d9692d3aba34a39aeb9e53cb3d25562b94e2e597

  • SHA256

    83dfcb08ea4aa1b857d952a8a177db775d1a7e9cfc30b528848a4a29c8dbf0b9

  • SHA512

    c71371263cacc4872a4bf621614940f08c9436062683be5de921ae6e509079e25ea380623e8945d40858819a664bd76590defb2a89949e8e5666190f1024ca6b

  • SSDEEP

    12288:IKOjJsDc2+WC+D+4H/xeGofENaTSuGCC709:IKyacgDD+4fwG1NaTSw

  Score

  10^/10

  revengeratwarzoneratguestdefense_evasiondiscoveryinfostealerpersistenceratrezer0stealertrojanupx

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • RevengeRat Executable

    stealer

  • Warzone RAT payload

    rat

  • Downloads MZ/PE file

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1