General

  • Target

    6e237e03bb55e7d6fb25eb8251cc29ec

  • Size

    739KB

  • Sample

    240121-3ndh3scdf4

  • MD5

    6e237e03bb55e7d6fb25eb8251cc29ec

  • SHA1

    a9277560419af43181407254e5fbae9bd24c1052

  • SHA256

    83a543e7f2986117552858fe6dde67174bc505810c61c1d12ab558bcfaf0f5e2

  • SHA512

    0109f1b33fc413a5840ec70074c0571219a8183fc0ba692e615c18d51f288877d242844a9a985a04de641301c23ca1e5bb4dfc61406b272fa84df3f5e9cd0fa1

  • SSDEEP

    12288:/034tLEAMbqjr4JBr7LIB7VS1hB4GynNDh6ZNwJb39w6LH6GYLF/oSN0Y8lI4cxu:sKodLIRVSaGynN167M26O1BAY8SM1

Malware Config

Extracted

Family

warzonerat

C2

eurolord.duckdns.org:5200

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT written in C++ with multiple plugins, sold as malware-as-a-service (MaaS).

    • Warzone RAT payload

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
