General
-
Target
Scanned008907.exe.bin
-
Size
1.0MB
-
Sample
230505-zrlr3sed74
-
MD5
0b5c131ce6f6ba1e86293ac0b16317b1
-
SHA1
10b03b58dceedfd1c99f04200d9692ef846a8030
-
SHA256
396346640d472168f07c041e8dfb3648050e2d36f16e93416cafc2354f3a857e
-
SHA512
729880fd1553e154b0180ef7c19f00092511ae9dac6560a5b53365ca93f6fd78ed2bd1f52968fa5b5325591214a96140948b70525b0b76bbbd9f1bfad32b62cb
-
SSDEEP
12288:aq+gtQtCm4yiiguuR3uq+CjCk8feoFgAXuRs2AB6T8H3+H+5CA2G:VIT4i0CkO5HXB6gX+H+57B
Static task
static1
Behavioral task
behavioral1
Sample
Scanned008907.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Scanned008907.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
155.94.150.100:6473
Targets
-
-
Target
Scanned008907.exe.bin
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-