General

  • Target

    67c61f920f0e566d885675918b82eb20

  • Size

    243KB

  • Sample

    240119-q3wa8afgd6

  • MD5

    67c61f920f0e566d885675918b82eb20

  • SHA1

    2612f97862584dc7801c55d80fd2ec4fcace650f

  • SHA256

    b93b6510f3e02f05d3ff428864acc1374e4f3a9f2ade309c0e6a85a2b2ba13a5

  • SHA512

    c20ed92be3d23abd006b4802f036b3bf0d22275d1684f8c75a5031f5a4e160d9ac60482444042d08b66355f5cb4d077b58adeeb915bf748c020f03cdfa163f5d

  • SSDEEP

    6144:b3bdKRSwucLYkb/xbENMjYgtXNUmvZjoKR/SvH4gTuXF/5OqI:b5XwFtwNQHMmdom/Sf2Xt7I

Malware Config

Extracted

Family

warzonerat

C2

188.72.124.14:1986

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Suspicious use of SetThreadContext
