Extracted

• • Target

    1327ce9509fbbc19823b916b25854bf9_JaffaCakes118

  • Size

    1.1MB

  • MD5

    1327ce9509fbbc19823b916b25854bf9

  • SHA1

    0706866c5472fe4f3afeccbc51170e27620abe1f

  • SHA256

    5a36b6f9fe8852daabca8093de029904ab5e024426cfe3ffaeca6c14fb093501

  • SHA512

    0cdd08e339f8e823ad299d687309ed1a719d28db1dc5a59cd74c8d4761c5c9011eab24e2015eb8679322afff14d75c3e98b9d89e653e581711b6e0185924e398

  • SSDEEP

    12288:R08/V8mKvX5rj3GpigdrCAZUwNQ1eCoFvk7ZM8VlUXWABfGlW:RRVr65rbGp/UJVo92bV1gfGw

  Score

  10^/10

  warzoneratdiscoveryinfostealerrat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2