Extracted

• • Target

    JaffaCakes118_c62f20b4769e858cffa6f57c1389810c

  • Size

    500KB

  • MD5

    c62f20b4769e858cffa6f57c1389810c

  • SHA1

    e124134e6de16c1c629b195461e77e0f05155289

  • SHA256

    a9e7c2dc8fbd35ddb3a0c05cf48287689069060fa04fd5116587333f16db114d

  • SHA512

    14076c4230db38bfa055d0d5f73d46e46a7567fa1ae87b028e29c779832ad9818f30e50e78571622cc9ae75516f31d919097848d06ea3ad8779cd52b0e15468e

  • SSDEEP

    6144:bYRc5m80dO+390vGOnjaOThdzF1t4K6MWfSU2BRMer/:0RpBt0PnN+KhySBBRMer/

  Score

  10^/10

  warzoneratdiscoveryinfostealerrat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzonerat family

    warzonerat

  • Warzone RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2