Extracted

• • Target

    cf4e245767f02b7fa8b7920a2793f38e82fd0b465a4227542cfc107a23588ce8.exe

  • Size

    1.0MB

  • MD5

    40d873660d330a0c7b7f4c85cad6b704

  • SHA1

    cd7b401b696a26b324163b17b19ddcb34341144e

  • SHA256

    cf4e245767f02b7fa8b7920a2793f38e82fd0b465a4227542cfc107a23588ce8

  • SHA512

    418cb8b77729a1c1be9d1448641a9565f72acf762b20e248f69465fa9a18b729932bb12a5c47f32868a1d1c19150b85e06cbde6c2f373709a8cab7bc2bb6f201

  • SSDEEP

    24576:uRmJkcoQricOIQxiZY1iaCEqHMuzHwNH7ZWzDRke3b+VKx:7JZoQrbTFZY1iaCEqHMSeZeke3bzx

  Score

  10^/10

  warzoneratdiscoveryinfostealerrat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2