General

  • Target

    6897bfda916218257d2dc3a3ade55f36

  • Size

    579KB

  • Sample

    240119-zgh87sdhc5

  • MD5

    6897bfda916218257d2dc3a3ade55f36

  • SHA1

    ccf6f3a31af5f90076b75db27ab81d89bb6e0808

  • SHA256

    889c96a913e70aa3cf184395ac8ebc9ddd09108f85206a281f382af7aba52fe3

  • SHA512

    e884f5edf7d6b46a1b18294f3e8a71e48e74f71cddd568825393f5e47c63ca7126001a07f8c88266a65dc6c8f4e0082533908aeffbf36584736e7c1dd019b325

  • SSDEEP

    12288:QUOycCPEyAgcmFcvkrI9rzEs0sxD+ibZD74Djhe4/DIEVuHJub7U2RBVw:VOycpyAJTkEPEs0pibZ3ogeDI7Hkb7BG

Malware Config

Extracted

Family

warzonerat

C2

185.19.85.155:1997

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application
