Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    QUOTE REQUEST 37838U8.exe

  • Size

    817KB

  • Sample

    230103-trytraca23

  • MD5

    2b978c63729d2c11750726ffbefae73f

  • SHA1

    2fe195ffb8e74c4cd4161da3544f5b3aef7c1392

  • SHA256

    9c3abc7de190655509a91a27272e82cd1cdb978140717c3dbe5ac8321cc31ae5

  • SHA512

    53058cd2a6aeada18416caf10515f1fa810e730e0e70d298401c1bf57ef49267aca63dd064624f3762d169ad154bcf8946d283ad001bcb311104710d7bb01111

  • SSDEEP

    24576:DRFdELpCybniAU6lH80UklgE3BCA5/bwqK:FFdELpCybniAU6PWEt5/bwq

Malware Config

Extracted

Family

warzonerat

C2

valvesco.duckdns.org:5353

Targets

    • Target

      QUOTE REQUEST 37838U8.exe

    • Size

      817KB

    • MD5

      2b978c63729d2c11750726ffbefae73f

    • SHA1

      2fe195ffb8e74c4cd4161da3544f5b3aef7c1392

    • SHA256

      9c3abc7de190655509a91a27272e82cd1cdb978140717c3dbe5ac8321cc31ae5

    • SHA512

      53058cd2a6aeada18416caf10515f1fa810e730e0e70d298401c1bf57ef49267aca63dd064624f3762d169ad154bcf8946d283ad001bcb311104710d7bb01111

    • SSDEEP

      24576:DRFdELpCybniAU6lH80UklgE3BCA5/bwqK:FFdELpCybniAU6PWEt5/bwq

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks