Extracted

• • Target

    JhHhHhHh.exe

  • Size

    280KB

  • MD5

    a7f32a8e11125a2b976ce58edfaca4cf

  • SHA1

    4f57f407cfe662b86b9aa34bf272ed1a6a7d0d7a

  • SHA256

    ffb8a170828d3de522aa7e5fc90da90c099a7da01a8255d5158150cae85d3690

  • SHA512

    b9ac4ceb8c3b20a6afbbc42f66a13fc68562df896de6b673d70cf162d6d09ad74edcfd0fac6baba77a6246b4cae8d75f9e55d7caa849c63d00f10fc134042c20

  • SSDEEP

    6144:cZ9LtXY3v+6PoBE5qGsAWiffVNBy0O12udoEUAEGpJwn4:cPhXu9Po8ZWi3JwldEOp

  Score

  10^/10

  warzoneratdiscoveryexecutioninfostealerpersistencerat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1