General

  • Target

    69b2919aeae1bafab2af46ba3078c425

  • Size

    788KB

  • Sample

    240120-gzzpssddf8

  • MD5

    69b2919aeae1bafab2af46ba3078c425

  • SHA1

    a05ff132efefd500605ffb1ca46371a49af80d1f

  • SHA256

    d10722e2ba880417c63ff3b7d3e12042a9b45b44b6a4f1497cab0979a9ab9296

  • SHA512

    c6934d38131116c916888838764d409f6fac4eff732d349626b446a28da0015ce843de955a629c774767bb6693cf1ba1726d417b3903c7e8dbe3babdefbabb36

  • SSDEEP

    12288:3caQxt8BPx8bgDPwFVt2NjFz5dGs9C0J+D8stY5MOJVBLmwLhbHWIbPmzqLVsZ:fCb0wFVMNjZTPCzD3YdL3bHtbemLVsZ

Malware Config

Extracted

Family

warzonerat

C2

51.210.65.37:4141

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext
