General

  • Target

    Scanned008907.exe.bin

  • Size

    1.0MB

  • Sample

    230505-zrlr3sed74

  • MD5

    0b5c131ce6f6ba1e86293ac0b16317b1

  • SHA1

    10b03b58dceedfd1c99f04200d9692ef846a8030

  • SHA256

    396346640d472168f07c041e8dfb3648050e2d36f16e93416cafc2354f3a857e

  • SHA512

    729880fd1553e154b0180ef7c19f00092511ae9dac6560a5b53365ca93f6fd78ed2bd1f52968fa5b5325591214a96140948b70525b0b76bbbd9f1bfad32b62cb

  • SSDEEP

    12288:aq+gtQtCm4yiiguuR3uq+CjCk8feoFgAXuRs2AB6T8H3+H+5CA2G:VIT4i0CkO5HXB6gX+H+57B

Malware Config

Extracted

Family

warzonerat

C2

155.94.150.100:6473

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks