General

  • Target

    BFM-720-7388372883783888278.scr.exe

  • Size

    265KB

  • Sample

    221011-x3scwsbdbr

  • MD5

    df1fc07a0fc0ce859dbda2390519a8f0

  • SHA1

    2aada949aa95b49f3663530960b7281b33ce9d5f

  • SHA256

    5cbb2697a315b04b71fd3f5e5b13122827bef573869fe0d594de05e42db9f7f9

  • SHA512

    344172221ea164f19d54b0735447c4eae20468d080b5564e22d3856b8448b4380f30046caf495f3724d415806cfa897971d0970d3357735b2ce2a6cc26afde0d

  • SSDEEP

    6144:RNeZK0ylr/28KYKjWeHlYznEy/meM22Rv3A2oLB8W54ESaAOp5EzWu:RNxcJjWeHWLEqFH2WB8cTSaAOp5Ez

Malware Config

Extracted

Family

warzonerat

C2

185.216.71.58:1856

Targets
    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT written in C++, sold as malware-as-a-service (MaaS) with multiple plugins.

    • Warzone RAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext