General
-
Target
6e237e03bb55e7d6fb25eb8251cc29ec
-
Size
739KB
-
Sample
240121-3ndh3scdf4
-
MD5
6e237e03bb55e7d6fb25eb8251cc29ec
-
SHA1
a9277560419af43181407254e5fbae9bd24c1052
-
SHA256
83a543e7f2986117552858fe6dde67174bc505810c61c1d12ab558bcfaf0f5e2
-
SHA512
0109f1b33fc413a5840ec70074c0571219a8183fc0ba692e615c18d51f288877d242844a9a985a04de641301c23ca1e5bb4dfc61406b272fa84df3f5e9cd0fa1
-
SSDEEP
12288:/034tLEAMbqjr4JBr7LIB7VS1hB4GynNDh6ZNwJb39w6LH6GYLF/oSN0Y8lI4cxu:sKodLIRVSaGynN167M26O1BAY8SM1
Static task
static1
Behavioral task
behavioral1
Sample
6e237e03bb55e7d6fb25eb8251cc29ec.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
6e237e03bb55e7d6fb25eb8251cc29ec.exe
Resource
win10v2004-20231222-en
Malware Config
Extracted
warzonerat
eurolord.duckdns.org:5200
Targets
Target
6e237e03bb55e7d6fb25eb8251cc29ec
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext