Extracted

• • Target

    289b0178ccdf574ab2d4089acf38ed83_JaffaCakes118

  • Size

    1.0MB

  • MD5

    289b0178ccdf574ab2d4089acf38ed83

  • SHA1

    2022819bc6362a5fa84551fb218dee752ab22c02

  • SHA256

    c0aefc897b9d8adf9a00e60ed0bdfbb54028dfcc7d5a7cd4e224dac2c4b038cd

  • SHA512

    95529841af0a75606e5828b5ac2afb787e1cc9a5ce872f89daef3896d3888c9d77c655d37b5872a730f1d409eceb9d49139741e85b6e32322982ad99684501d8

  • SSDEEP

    12288:8dLEYstm9C86PWvo123x6IJYy0gL/+mHmq1z8vsB0HK7zKvyDaUVWVD0wHv48NIz:iwUx6dgTu0xiyDaUVhwP48NIovLvTe

  Score

  10^/10

  warzoneratdiscoveryinfostealerrat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2