Extracted

• • Target

    8ee60423bc1f9d704f96b7806b39819a.exe

  • Size

    322KB

  • MD5

    909737a0a11765901cdce436737ac172

  • SHA1

    00d77473c837e0ed2887d6285a6c3c9e47ec83c8

  • SHA256

    39cd390039e7ad850abd64cfc0b387c77470153c09d35108cf96a893185804a2

  • SHA512

    e0989e9178201f126cc600b2d64c3609ff58f7ee3ab55f177fd7301f32cf13322afe7fdbe7334c52892ffc4f5b193fb38d841371c196ac44341bd54211dab2a2

  • SSDEEP

    6144:+vMt6V/hdmkcyvAIFtUx2yTF5vdzfaiWKBilS70e8mZC9TbUcuJJCoED:EMtehrcyvAI8MyT3lfjyS70e84QEO1D

  Score

  10^/10

  bazaloaderwarzoneratdiscoveryinfostealerrattrojan

  • Bazaloader family

    bazaloader

  • Detects BazaLoader malware

    BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests - JaffaCakes118.

    trojan

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzonerat family

    warzonerat

  • Warzone RAT payload

    rat

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2