Extracted

• • Target

    2769012a5682a98b6f68e4e50157077fef4dc0853654c68986837f17b1c6451b.exe

  • Size

    132KB

  • MD5

    2513cffce280a80414825a1bd6232883

  • SHA1

    4534a043b96d31fcf6e79bf857db5ccffac31768

  • SHA256

    2769012a5682a98b6f68e4e50157077fef4dc0853654c68986837f17b1c6451b

  • SHA512

    d65191709cd290256ba426c856cc7a7fa7cc2579458116f822a575681fe4117c97a91b088f8a19ba2352cacc7ab33cd7076ad13c55f8f3ec3d82b21e637028f9

  • SSDEEP

    3072:K7W9jps0Tx4azG6GweOTir5axbjNCz45LT7a:KwpsERzGKurEXCzeLT7a

  Score

  10^/10

  warzoneratdiscoveryexecutioninfostealerpersistencerat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2