Extracted

• • Target

    4ad418db066d291782cc25d1348249f04138029a065201a2514c0976fbcd31dc.exe

  • Size

    178KB

  • MD5

    af2c74b707a39bc27264d718968fb286

  • SHA1

    8b83623fd2b68e7b3ccf4058f3eb5b9f07866e84

  • SHA256

    4ad418db066d291782cc25d1348249f04138029a065201a2514c0976fbcd31dc

  • SHA512

    716ba8a75fd655aba451a27091c507773c4add6171ae940337446c880347b32f8c4148c25b8fa23dee87a8d3df57f03ef888e314093434da7dbe8472a3ca7936

  • SSDEEP

    3072:FtHvJyoSq2WhceX0EqBqs8nI7ZlrO0ZcZOXLAcnWcAs:yUJX0EqD8Iu0iZKG

  Score

  10^/10

  discoverypersistencewarzoneratinfostealerrat

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2