Extracted

• • Target

    ezzzzzzzzzzzz.exe

  • Size

    132KB

  • MD5

    416f744073072d41c1cc491f86a139e6

  • SHA1

    b08163f44ede1b36c41d2e661793ac092ab6c199

  • SHA256

    b9b1fc57b2ff8a6410c214b7959020f5d9b75aec91f323346695b589c32fe186

  • SHA512

    5f1edeccc94584fb08bb746f8a3236a30274d721e2b964e9ad6ffe1f49e12cfba41ad4213a45ec6714ab720f46299e17dd887149b3c58647c8a0fade41ef9060

  • SSDEEP

    3072:K7W9jps0Tx4azG6GweOTir5axbjNCz45LT7a:KwpsERzGKurEXCzeLT7a

  Score

  10^/10

  warzoneratdiscoveryexecutioninfostealerpersistencerat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzonerat family

    warzonerat

  • Warzone RAT payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2