Extracted

• • Target

    50c1f9426e7b18782bfe8dd638be85e4_JaffaCakes118

  • Size

    510KB

  • MD5

    50c1f9426e7b18782bfe8dd638be85e4

  • SHA1

    a507417fca984123b0de2609d91340ad5dde298f

  • SHA256

    b2fbe46792563f45618d19c9209d0e01944884741ca5dd0f232035e2708bf523

  • SHA512

    bf021d59975c473067f594302922839e881a39759c58558dd35ba637be4bde48e92b50697586e13b6d053715f3855c6dd360a89c87a0501ca3c7a755a83f787f

  • SSDEEP

    6144:Ml2KSCXwIyjLg//AwJY/NO7oORRj+LAY3EgRA2+3c8WY1/gtrU012+saG:+t/ULuVJY/N83n52EcNigm1aG

  Score

  10^/10

  discoverywarzoneratinfostealerpersistencerat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzone RAT payload

    rat

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2