General

  • Target

    PaymentReciptInvoce00180423.exe.bin

  • Size

    1.0MB

  • Sample

    230505-zp4vwage8y

  • MD5

    b5d151bb4861ef37f6a7196217d219fe

  • SHA1

    6dd795268a7f84ad8beda42cc58ce30f02bbd451

  • SHA256

    839af94fe56cfd10e4e5e524c5e656170a8f5cb6a285bc1838386f7000b431a9

  • SHA512

    6286af0cfee2564cf9ca68067d2f9ed7113d0c042b7bc9206c8b18bd67f94de599a6ee44739cc67f693922426c5f5db803ea3c289160e182f800eabd46da51ec

  • SSDEEP

    12288:aq+gtQtCm4yiiguuR3uq+CjCk8feoFgAXuRs2/B6T8H3+H+5CA2G:VIT4i0CkO5HkB6gX+H+57B

Malware Config

Extracted

Family

warzonerat

C2

jeffdfehjhsda.ddns.net:5200

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks