General

  • Target

    6a4e4b4d629f93cd8035e30338c60f3e

  • Size

    568KB

  • Sample

    240120-njllkahcf2

  • MD5

    6a4e4b4d629f93cd8035e30338c60f3e

  • SHA1

    71f85113e9770e1b139b33cdf724a74cd33be231

  • SHA256

    a859ec54d52379c01a87aba4dfd9741c9314afb8510365854d8282bb53aeb952

  • SHA512

    51bba53f865585c8557467ef4dfcfa70e88c9daed955af666336101727f07c109ccd2afcf95148599b6689d4a873199d9d20746eac75ac0979323931bee85011

  • SSDEEP

    12288:1fX25LrCxNuYlcAq6kllH7RaR00QHkLfoP571fejGJs:1fX25LrCxNuYlcvXt05gBIjP

Malware Config

Extracted

Family

warzonerat

C2

blacice24.hopto.org:5032

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Suspicious use of SetThreadContext
