Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

6ab689435a...3e.exe

windows7-x64

10

6ab689435a...3e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5d278b330412fc5f0b05a6168e4663f7.bin

  • Size

    176KB

  • Sample

    230602-b6kasshg3v

  • MD5

    7cd818cec1b2cc744c78b43dede386ee

  • SHA1

    953459d15f0c7c5c89b67b7999857cf78a14f8ea

  • SHA256

    4d5e40a9df086bb3dc150c2ab0a411234f155864007ba9fe654d1b071dc3ecaf

  • SHA512

    6fea955e8eb29eff40248ce8a9a61378563c46d6b5064b7f99555a4450f260182d593f9c78721c209663c6799ef390210301e2f7a45d9649bb8b415641272c21

  • SSDEEP

    3072:NVTW/HOdtRZEPDcL3EgrO6eMZbovdDwR/j0YDNE/qrleoaINJKVaJg:NVy/HOTRqcLE8eEkdDQr0Ynrcd4KMJg

Score
10/10
warzoneratinfostealerpersistencerat

Malware Config

Extracted

Family

warzonerat

C2

osairus.duckdns.org:4244

Targets

    • Target

      6ab689435a51068b3f0520391d4a037dccf43bfdaa3e1a1b545a85c89aa9473e.exe

    • Size

      215KB

    • MD5

      5d278b330412fc5f0b05a6168e4663f7

    • SHA1

      afebf776b4cdcfa12dc38d7aab0190820a956057

    • SHA256

      6ab689435a51068b3f0520391d4a037dccf43bfdaa3e1a1b545a85c89aa9473e

    • SHA512

      4c7204ac871350fcb6c4e4a745fd2f7482afa152e0cdd7e4097aaa427d1911b6fe038b366cba5acad1243e209643634c2ea48ad4c613a34c2488eb1fcf3ef275

    • SSDEEP

      3072:2fY/TU9fE9PEtuFbzrF+aj3dFzFNqdTGi7Gb2QmBAZdWlqLGCZM4fNmBvqNxHFgz:gYa6XzrFrbDqVGd6AZdwINmlq1gqg

    Score
    10/10
    warzoneratinfostealerpersistencerat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT payload

      rat

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.