General
- Target: PaymentReciptInvoce00180423.exe.bin
- Size: 1.0MB
- Sample: 230505-zp4vwage8y
- MD5: b5d151bb4861ef37f6a7196217d219fe
- SHA1: 6dd795268a7f84ad8beda42cc58ce30f02bbd451
- SHA256: 839af94fe56cfd10e4e5e524c5e656170a8f5cb6a285bc1838386f7000b431a9
- SHA512: 6286af0cfee2564cf9ca68067d2f9ed7113d0c042b7bc9206c8b18bd67f94de599a6ee44739cc67f693922426c5f5db803ea3c289160e182f800eabd46da51ec
- SSDEEP: 12288:aq+gtQtCm4yiiguuR3uq+CjCk8feoFgAXuRs2/B6T8H3+H+5CA2G:VIT4i0CkO5HkB6gX+H+57B
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: PaymentReciptInvoce00180423.exe; Resource: win7-20230220-en)
- Behavioral task: behavioral2 (Sample: PaymentReciptInvoce00180423.exe; Resource: win10v2004-20230220-en)
Malware Config
- Extracted family: warzonerat
- C2: jeffdfehjhsda.ddns.net:5200
Targets
- Target: PaymentReciptInvoce00180423.exe.bin (size and hashes identical to the General section above)
Signatures
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT payload
- Drops startup file
- Adds Run key to start application