Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Reservation.exe

windows7-x64

10

Reservation.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Reservation.exe

  • Size

    203KB

  • Sample

    230802-pc573aef29

  • MD5

    c3d2671ab969fd347e6e0b81c777fc48

  • SHA1

    43d9902d2a7b0583be43ef8d4023c81e9a776e52

  • SHA256

    02ef992b9a587c6cdc382995b5dcfff0367554ec581a6fa28d08c70444f9e0d9

  • SHA512

    588524f48b47f32b1d412a43a3f376bcfd717db8d8a74c85bf4823c1af51ccbffbd76579544620587c84e2fea1e7ede4e2d361fb348758d8572ee7345eccfc07

  • SSDEEP

    6144:/Ya66WOW6k4nLUfQzcGg6Zwaidc8J1CQC:/YgWOE4EQIhairI

Score
10/10
warzoneratinfostealerpersistencerat

Malware Config

Extracted

Family

warzonerat

C2

plazzasecretballeronline.onedumb.com:14977

Targets

    • Target

      Reservation.exe

    • Size

      203KB

    • MD5

      c3d2671ab969fd347e6e0b81c777fc48

    • SHA1

      43d9902d2a7b0583be43ef8d4023c81e9a776e52

    • SHA256

      02ef992b9a587c6cdc382995b5dcfff0367554ec581a6fa28d08c70444f9e0d9

    • SHA512

      588524f48b47f32b1d412a43a3f376bcfd717db8d8a74c85bf4823c1af51ccbffbd76579544620587c84e2fea1e7ede4e2d361fb348758d8572ee7345eccfc07

    • SSDEEP

      6144:/Ya66WOW6k4nLUfQzcGg6Zwaidc8J1CQC:/YgWOE4EQIhairI

    Score
    10/10
    warzoneratinfostealerpersistencerat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT payload

      rat

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks