Extracted

• • Target

    57aecd5b8581c8ff940f279053a41ae3937372959e47552769cef88bed7421e6.exe

  • Size

    7.7MB

  • MD5

    7f5a2fca2a3a5af9c809823cf3d593c0

  • SHA1

    3886cfb92519a7f54241efb660db17cd3c566bb1

  • SHA256

    57aecd5b8581c8ff940f279053a41ae3937372959e47552769cef88bed7421e6

  • SHA512

    00fe3d38b549617de5d204d41e6413a09a926bc0c741eae853a22a9dbcb991a6392c9ea2a1d3161488bc82e397de626916bd0944f927dfaa46e728df4bcbb4ac

  • SSDEEP

    49152:KxbvjDayGjkW6qwQ3GamxRMcQAFU4uhw7WfBdKv6f/dJnUYt50Q31+20ULaCcMj5:jM63G4B6vGoqzj1agH1N/sRB7zvjU

  Score

  10^/10

  warzoneratcollectiondiscoveryinfostealerrat

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzonerat family

    warzonerat

  • Warzone RAT payload

    rat

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2