General

  • Target

    P0662546435233435.exe

  • Size

    622KB

  • Sample

    221102-nmyqascbhn

  • MD5

    9ad44d71d4ab6e898a2ed0915d1c03df

  • SHA1

    7fec6b39965507f9f62a7be5b70aae08a05c971a

  • SHA256

    d124be625e41349156ecf510e8af4bf2b7e83e797650b7c60f25fd6914e84365

  • SHA512

    e2ab7efe6b35358f576abed698f30870f4326883513639159d2a29760885ae3dde6db1e6a1095dd0cf09d233e00f8fe335f6106bc0d78e82bd849fcf41a9689e

  • SSDEEP

    12288:kc0douHH1J+0j/UhdMYFZE77k2D2C6cyFdt9zMCFogTDEne1WDL:kOu17/UdhmZyFD9hFdTDEe1yL

Malware Config

Extracted

  • Family

    warzonerat

  • C2

    septubandas.sytes.net:4923

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
