General
Target: BFM-720-7388372883783888278.scr.exe
Size: 265KB
Sample: 221011-x3scwsbdbr
MD5: df1fc07a0fc0ce859dbda2390519a8f0
SHA1: 2aada949aa95b49f3663530960b7281b33ce9d5f
SHA256: 5cbb2697a315b04b71fd3f5e5b13122827bef573869fe0d594de05e42db9f7f9
SHA512: 344172221ea164f19d54b0735447c4eae20468d080b5564e22d3856b8448b4380f30046caf495f3724d415806cfa897971d0970d3357735b2ce2a6cc26afde0d
SSDEEP: 6144:RNeZK0ylr/28KYKjWeHlYznEy/meM22Rv3A2oLB8W54ESaAOp5EzWu:RNxcJjWeHWLEqFH2WB8cTSaAOp5Ez
Static task: static1
Behavioral task: behavioral1
Sample: BFM-720-7388372883783888278.scr.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: BFM-720-7388372883783888278.scr.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
warzonerat
185.216.71.58:1856
Targets
Target: BFM-720-7388372883783888278.scr.exe
Size: 265KB
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext