Extracted

• • Target

    ezzzzz.dll

  • Size

    133KB

  • MD5

    e1446074f200e2d4c39f9cb5d41ae87c

  • SHA1

    addb8d5e3c842c95f987be94cea86bcd16448fab

  • SHA256

    fbcce78c7e38e0f5690d8b0e610f34c71257018e72667d40ead95f933cb8a16a

  • SHA512

    a0ba3b49457bdb7691083b87778fd36f05daa9126224db60c450b96467f4cbd7f9ae785d6de95914fbdae33a42a82be7ab7b071b944c25b26baf15afe7ed2774

  • SSDEEP

    3072:T3wSeEN8bsEe0wwT+KKpiTxW7Cz4PLT85:TAEN8bFwIcIqCzILT8

  Score

  10^/10

  warzoneratdiscoveryexecutioninfostealerpersistencerat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzonerat family

    warzonerat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2