Extracted

• • Target

    3c2b4c82ab548b752297e6cb250ac114_JaffaCakes118

  • Size

    897KB

  • MD5

    3c2b4c82ab548b752297e6cb250ac114

  • SHA1

    370119ea96855a6934d020f3944f019890135677

  • SHA256

    1b4347b37824a5228980b97f689240fa7f099fd6cab09878456b31673fb36acd

  • SHA512

    5437fde02711fea91e6ada1689bf95ad6108e585b65744354a08b5206aeafefdf1721c6f144f70dc776b3c04aba487746accb865f61079fc958dd0fddb53ec20

  • SSDEEP

    12288:vH4cZKRn3qGaNHEyC9/oR9gy5FHK7zcvjt73J8IZnarJmgoXaYfsxYRuiNr+MrgO:vPZKJPp9AR95y2tZhnim2packLl

  Score

  10^/10

  warzoneratdiscoveryinfostealerrat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2