Extracted

• • Target

    JaffaCakes118_742633f0973b98455e5fd3790aae007b

  • Size

    6.1MB

  • MD5

    742633f0973b98455e5fd3790aae007b

  • SHA1

    d1a1779b0d32728b0d73a91c6d52fbce6815e208

  • SHA256

    af83227ac7eb6c50788e8c996cb54ff2899931aa999913bde80710ba2dcd8442

  • SHA512

    adf922e3008074b445f1c0d1469d8abe1df3f4aefbd5f63f2527f1384e537f58dbff63038bafffdc93608109b956b9545fc523ccaf9c98a04db1a3e3d693bc28

  • SSDEEP

    98304:a9KWfMRBZ2llhSfbbiBl1FrU06aZ7P9vdjjR+:a9KOMRBZmlQfbbiBl1hUgZ7P/V+

  Score

  10^/10

  warzoneratdiscoveryinfostealerpersistencerat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzonerat family

    warzonerat

  • Warzone RAT payload

    rat

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2