General

  • Target

    0679dceebe8fee0846c25402c960c94e

  • Size

    1.2MB

  • Sample

    231224-vaak9sdbaj

  • MD5

    0679dceebe8fee0846c25402c960c94e

  • SHA1

    d79dce0e62322d268caceef5e4da1b1097505cc8

  • SHA256

    aeb25c73ba5b553c5b6c4719df3a6d0d76dcb8dba175f78d8d604624f734710b

  • SHA512

    85fd283098d938bb656691f3ff430081ba03d38ef52ccd220e378b48d5f9e58836fa0955ae602488271d374d5147956730d2eee3f80868fb973b31d5911b6480

  • SSDEEP

    24576:0JjAKND1LIQgBPiXdcmdy3pPA6lOBWdYPYR:0JjN9IQEiX/MZFr7

Malware Config

Extracted

Family

warzonerat

C2

andronmatskiv20.sytes.net:5200

Targets

    • Detect ZGRat V1

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Warzone RAT payload

    • Suspicious use of SetThreadContext
