Extracted

• • Target

    1ca618bba986d71007c944f585faad2c_JaffaCakes118

  • Size

    928KB

  • MD5

    1ca618bba986d71007c944f585faad2c

  • SHA1

    c127407d4363ec0ba5aaad2860d2279e3be6dba8

  • SHA256

    c1576e2a6542baf1bedf9a8f9b62da6a5e2f17dfcef52e5d977bc268c11306ca

  • SHA512

    e47442e687682d969ed8937ae0235f0f4b44f00843523247e1ca7840a3f1c49ed620e6b8b7f6b6566529f477443340879992dda7c19fb9427381e7862b36fb2f

  • SSDEEP

    12288:54FSTZYH4sfCUXwJlqxYI6zeZ6aHdsqaB4izoxK0G6UD4ZRHxwnyLWlGnM+:84ZYYsfqJlE6ze8IdZaBw

  Score

  10^/10

  discoverywarzoneratinfostealerrat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Uses the VBS compiler for execution

  • Suspicious use of SetThreadContext

  behavioral1behavioral2