General

  • Target

    69ee485bef1462281c31e00fc4df3b4b

  • Size

    579KB

  • Sample

    240120-j5mnjaefcn

  • MD5

    69ee485bef1462281c31e00fc4df3b4b

  • SHA1

    262c0ded66fdb1c96d3db557d74c38b8f40557ea

  • SHA256

    2daaa5a102ea6457c94109e3daac5a676adb29acedc68ff6c2db78e91b01820e

  • SHA512

    223b3b45c19d153f97c7fb1b2912b2c092c7516ad35932ddb46237a630cd07d26d0eded48027a379cc37d248ffa8c0bb8541e84f561bbec0a09bf35c0ec95b32

  • SSDEEP

    12288:vUOycCPEyAgcmFcvkrI9rzEs0sxD+ibZD74Djhe4/DIEVuHJub7U2RBVz:cOycpyAJTkEPEs0pibZ3ogeDI7Hkb7Bl

Malware Config

Extracted

Family

warzonerat

C2

185.19.85.155:1997

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application
