Extracted

• • Target

    135d6091927a8c17f67f59c328a0b8b0N

  • Size

    1.1MB

  • MD5

    135d6091927a8c17f67f59c328a0b8b0

  • SHA1

    762441fa8d2d2e221745af2c0bba6dd27e216f5d

  • SHA256

    2907ad2b43317788cb588bfa13a267b23e63724457243d26b69ede933c5fe465

  • SHA512

    d56f550161065304978db99540522ba7643a9a3b6b17e8df92636e2f43f1ff7c8654bfdccbecb41c51c030188691927666542aa89b665085a2015dd4931115dd

  • SSDEEP

    24576:fqDEvCTbMWu7rQYlBQcBiT6rprG8anYmX5YnsyQe2+axr:fTvC/MTQYxsWR7anYdsyQeY

  Score

  10^/10

  warzoneratdiscoveryinfostealerrat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2