Extracted

• • Target

    Hsbct872....exe

  • Size

    779KB

  • MD5

    29a700f72e096f9c0e8b8aa070bc635e

  • SHA1

    9445efb9a40f45d1780993500dbf7c589d5dfdc1

  • SHA256

    6a29b861af5094143b6db38ff27f50c349a12bb1112d1b5af67b7fad47632d4c

  • SHA512

    d8436fa8a9d0b29631ce666f796d6c93123c38ee65b696daec7bf1de00cc97a0a68c3211d971babf73b9ad191dca78304e022af214f7efea6551444a3cc34a91

  • SSDEEP

    12288:jZ9RbZU79Ar5KJKp07ebVHwzYCxYC5cOFcEHtkOUR8PL5y6nnjqKoe:FG9Avp07BVxZ5N26nnjqKoe

  Score

  10^/10

  warzoneratdiscoveryinfostealerrat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2