Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

QUOTATION_...cr.exe

windows7-x64

6

QUOTATION_...cr.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    QUOTATION_AUG7FIBA00541·PDF.scr.exe

  • Size

    1.9MB

  • Sample

    230830-he8bwadc7x

  • MD5

    0fcb28f04c3fead1520ea0b7476b0957

  • SHA1

    f07204100d8990931fd81ef3ed24591bb0db788c

  • SHA256

    511ac21d17ad7b77173c3007465b034ce0a83517749f7263d27243453f6728c3

  • SHA512

    8f0708effffbcbd45a459c437d02a9e8887bde14fc259388a12100562bc698d78b379c0c82bc262eeacbb2b58812e3716c8894e0c7e11b2172362033e72e6e0e

  • SSDEEP

    24576:k8QUVF5iQ8Q0WuNO/JpxB0FGlAu4OmeMVqHfKP6w1mp8pncTMWanOm:k3+5iHQ6N0H4OLMQHJO+MWY

Score
10/10
warzoneratinfostealerpersistencerat

Malware Config

Extracted

Family

warzonerat

C2

62.102.148.158:62641

Targets

    • Target

      QUOTATION_AUG7FIBA00541·PDF.scr.exe

    • Size

      1.9MB

    • MD5

      0fcb28f04c3fead1520ea0b7476b0957

    • SHA1

      f07204100d8990931fd81ef3ed24591bb0db788c

    • SHA256

      511ac21d17ad7b77173c3007465b034ce0a83517749f7263d27243453f6728c3

    • SHA512

      8f0708effffbcbd45a459c437d02a9e8887bde14fc259388a12100562bc698d78b379c0c82bc262eeacbb2b58812e3716c8894e0c7e11b2172362033e72e6e0e

    • SSDEEP

      24576:k8QUVF5iQ8Q0WuNO/JpxB0FGlAu4OmeMVqHfKP6w1mp8pncTMWanOm:k3+5iHQ6N0H4OLMQHJO+MWY

    Score
    10/10
    persistencewarzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT payload

      rat

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks