Extracted

• • Target

    fd74ebfee89ee441e86641641b280d59a045cdb782ca800f1795452533c64f8eN.exe

  • Size

    1.2MB

  • MD5

    bb27a9057945693133949b3ec0b11970

  • SHA1

    ff22bf53ca6f0df631f300bd3e9490d4b1005a42

  • SHA256

    fd74ebfee89ee441e86641641b280d59a045cdb782ca800f1795452533c64f8e

  • SHA512

    87538e5cef7381c649715faef991d9c9ef1a50d3bffb98fccfabec03108195cdcbe6204c5a1332497bddfec5be068144958b24532b237ac9461d099898e1fb68

  • SSDEEP

    24576:bAHnh+eWsN3skA4RV1Hom2KXMmHaaIyjPcme5I:2h+ZkldoPK8YaVr/I

  Score

  10^/10

  warzoneratdiscoveryexecutioninfostealerrat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzonerat family

    warzonerat

  • Warzone RAT payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops startup file

  • Suspicious use of SetThreadContext

  behavioral1behavioral2