Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

00d1ab5309...7c.exe

windows7-x64

10

00d1ab5309...7c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    00d1ab5309b9fa1fd4a03ee45cf68b7c.exe

  • Size

    150KB

  • Sample

    230525-db5z5agc6t

  • MD5

    00d1ab5309b9fa1fd4a03ee45cf68b7c

  • SHA1

    a42e1cbb962f50e08d65bc4720d343da917324ce

  • SHA256

    0c79b94bb739d4770b3fc803a83dffeea129db0b293b4ff5ca923fc5597785a4

  • SHA512

    53edc178e98e45e8338995f3548aac3107b5da32352a27cdb6d271426fd46e8ca3af0a8b0611dac3a235efd7a19ff92a82577c6be2fcd68cc12ec3614931fc1d

  • SSDEEP

    3072:3fY/TU9fE9PEtu6xbXI5XYXsjQeNYGGzzfbe1IKKbpSjfxCcY4e/75XBhsFJzb78:vYa6cIYXsjQeNYGGnbelcpOxCcLS9xhD

Score
10/10
warzoneratinfostealerpersistencerat

Malware Config

Extracted

Family

warzonerat

C2

healings.duckdns.org:7722

Targets

    • Target

      00d1ab5309b9fa1fd4a03ee45cf68b7c.exe

    • Size

      150KB

    • MD5

      00d1ab5309b9fa1fd4a03ee45cf68b7c

    • SHA1

      a42e1cbb962f50e08d65bc4720d343da917324ce

    • SHA256

      0c79b94bb739d4770b3fc803a83dffeea129db0b293b4ff5ca923fc5597785a4

    • SHA512

      53edc178e98e45e8338995f3548aac3107b5da32352a27cdb6d271426fd46e8ca3af0a8b0611dac3a235efd7a19ff92a82577c6be2fcd68cc12ec3614931fc1d

    • SSDEEP

      3072:3fY/TU9fE9PEtu6xbXI5XYXsjQeNYGGzzfbe1IKKbpSjfxCcY4e/75XBhsFJzb78:vYa6cIYXsjQeNYGGnbelcpOxCcLS9xhD

    Score
    10/10
    warzoneratinfostealerpersistencerat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT payload

      rat

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks