General

  • Target

    682495d3af8815cd22fb8e2e1abc24f5

  • Size

    276KB

  • Sample

    240119-vczm6saff9

  • MD5

    682495d3af8815cd22fb8e2e1abc24f5

  • SHA1

    0301b08ab80efde0fe442512057db26119e1af63

  • SHA256

    3044e2ca337b60c44e85fded613ba146ed0924b794978abaa2acc3000fa67955

  • SHA512

    97e83bddb23cd7e52a63653be96777ff555469fabe4cd28729c25ae42855b793e89170d2a4a5e7ac7da51d854cec2bf4baca137e0a6b79c38843d7bdfc6c596a

  • SSDEEP

    3072:O0788M538KD6p2aVulIytyQStfGsjUr52e9wcB6hGQn3OhQ:4556/uXtyQSt+smRB6zneh

Malware Config

Extracted

  • Family

    warzonerat

  • C2

    192.168.89.190:5200

Targets

    • Target

      682495d3af8815cd22fb8e2e1abc24f5

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
