Extracted

• • Target

    40ed659a324a3c1373badff75a99fe30N.exe

  • Size

    152KB

  • MD5

    40ed659a324a3c1373badff75a99fe30

  • SHA1

    45c509c7ca08388e41f06ccd2e07787745492cce

  • SHA256

    6d30aceb7ad65b1143b60e981c1f1582cdb47b4e46030204587bf717a95a066c

  • SHA512

    e512e1fd55fd55ac44c5e948e9832bbd0151ddc28c96c44abaddf52fbfb9b1609fe03779adbc6c7164246f8fe977dadddf4f9234a6cdc83adcef2453ec5f0350

  • SSDEEP

    3072:4NLOpnhTdOw9YAJOzIY9gVl01T2ENipdDg0z5m:4NLYdT97JSIFl0QENqFm

  Score

  10^/10

  warzoneratdiscoveryexecutioninfostealerrat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2