Extracted

• • Target

    9f772e3b6f92a0f25a040c1fc12899847dfce0a8b0a331be87be264b536c446b.exe

  • Size

    5.7MB

  • MD5

    5a2964a93da5e8a9726ab479814f012d

  • SHA1

    bb2599555ca21395946f4d0d828f6c78394d18c2

  • SHA256

    9f772e3b6f92a0f25a040c1fc12899847dfce0a8b0a331be87be264b536c446b

  • SHA512

    889e00f04115e71e763381bee25eee66e37cc304e874c1bcbc1aa23f63ee40299e81c760296cf78b3a8159ee5327a10434759ad099a61c0496e0b0d4d3beef08

  • SSDEEP

    98304:pv8upB6APFAYS8ILk65Hxp44MVghKrVy+dr5/FtqvGo4T:18upg+GYCkf4qg4h/FQvGo

  Score

  10^/10

  warzoneratdiscoveryinfostealermacropersistencerat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Suspicious Office macro

    Office document equipped with macros.

    macro

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2