Extracted

• • Target

    a322b280625278dda0c613b6a7f949dd_JaffaCakes118

  • Size

    925KB

  • MD5

    a322b280625278dda0c613b6a7f949dd

  • SHA1

    f54e103c99fc476b63229900eb73720acb7d3b29

  • SHA256

    bf2830d89be54e8a25cef3f2a7ec0d0413c7993e4745300420a5b95317da3d27

  • SHA512

    161d25cc443d8f859342d6f8b54f27de50cfd9a8dd25bc627b11da6041be0435d2aa08390b02145f25a1ee126be72b1831fff81512206919b82751101103d408

  • SSDEEP

    24576:t5HwByLBYUqAskL6p9xcnpwCC2BoEOaN:rjY/k6

  Score

  10^/10

  warzoneratdiscoveryinfostealerrat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzonerat family

    warzonerat

  • Warzone RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2