General

  • Target

    68a40e341f28507ebd504564fc8507d3

  • Size

    338KB

  • Sample

    240119-zyb68aebh5

  • MD5

    68a40e341f28507ebd504564fc8507d3

  • SHA1

    aa837e7e44baa5d13be6fb5530454429a4c24e75

  • SHA256

    fea29fb2293dfa888c3ce64dba2e775b2793b7f2edd4bd647dd5d2a96d1bdc04

  • SHA512

    115f8f59f575e4630b43774f2757746a1860e4d72f28650f19d809479e2126e95414efa6e983991b29bed61e8b1e108fbb77a1426e1d1db447125764cdc443c9

  • SSDEEP

    6144:oAxdBa/vBDy1NPofTpjPN7O4v9TKcgcosoJ2YwOuMkQryyu2linbMP6u8jxsS4G1:CXgTAVjPNi4KrdJl5Nw2linG/2T4Gux

Malware Config

Extracted

Family

warzonerat

C2

sdafsdffssffs.ydns.eu:6703

Targets

    • Detect ZGRat V1

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Warzone RAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
