Extracted

• • Target

    428ac1995223c9624d238b0755a3ed7093f57a1b1b4b6586a3583f3c288cc0ca.exe

  • Size

    1.2MB

  • MD5

    052200ae4923b32abfcb2d2083abda94

  • SHA1

    09825db7b451313f29843738c71c8930b1a8170d

  • SHA256

    428ac1995223c9624d238b0755a3ed7093f57a1b1b4b6586a3583f3c288cc0ca

  • SHA512

    0a23c9fe833e90b23226d0d5deee361c756633d1d176d25951cad102f0e063cf65b9101698169df5cc6f5755e51a29249f08e2ebf0600e153310728de10b1ce5

  • SSDEEP

    24576:bAHnh+eWsN3skA4RV1Hom2KXMmHaaIyjPcme5I:2h+ZkldoPK8YaVr/I

  Score

  10^/10

  warzoneratdiscoveryexecutioninfostealerrat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzonerat family

    warzonerat

  • Warzone RAT payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops startup file

  • Suspicious use of SetThreadContext

  behavioral1behavioral2