General
Target: 69b2919aeae1bafab2af46ba3078c425
Size: 788KB
Sample: 240120-gzzpssddf8
MD5: 69b2919aeae1bafab2af46ba3078c425
SHA1: a05ff132efefd500605ffb1ca46371a49af80d1f
SHA256: d10722e2ba880417c63ff3b7d3e12042a9b45b44b6a4f1497cab0979a9ab9296
SHA512: c6934d38131116c916888838764d409f6fac4eff732d349626b446a28da0015ce843de955a629c774767bb6693cf1ba1726d417b3903c7e8dbe3babdefbabb36
SSDEEP: 12288:3caQxt8BPx8bgDPwFVt2NjFz5dGs9C0J+D8stY5MOJVBLmwLhbHWIbPmzqLVsZ:fCb0wFVMNjZTPCzD3YdL3bHtbemLVsZ
Static task: static1

Behavioral task: behavioral1
Sample: 69b2919aeae1bafab2af46ba3078c425.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 69b2919aeae1bafab2af46ba3078c425.exe
Resource: win10v2004-20231222-en

Malware Config
Extracted
Family: warzonerat
C2: 51.210.65.37:4141
Targets
Target: 69b2919aeae1bafab2af46ba3078c425
Score: 10/10

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

Warzone RAT payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of SetThreadContext