General

  • Target

    6e53941032a0ce82eae1939e5759c0af

  • Size

    833KB

  • Sample

    240122-ble6cadccj

  • MD5

    6e53941032a0ce82eae1939e5759c0af

  • SHA1

    eaf57bcca6eab53654114ba72cc46d794c95742a

  • SHA256

    75cedf587e2b711c449d65f2113736a19c5de0df619ce27891587ce5cb84ee76

  • SHA512

    75adfcc32c109339af4e0540f0ae2f31536ef011e65ef1b543d5d81468426d57e885870b02eb31c71c7b882ac39a43c20d6e2f7a0c20c0c55b3d586a168baa10

  • SSDEEP

    6144:1wEvNYgMAUuVR5gO95HiX/ui5GmE1VvfQp3G9hkS8ntr2Xs33bAqB8dv4Tm2rfr5:1NtTSdroXQpqBKtkq1S2rTqDW

Malware Config

Extracted

  • Family

    warzonerat

  • C2

    ugob.ddns.net:5200

Targets

    • Target

      6e53941032a0ce82eae1939e5759c0af

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Executes dropped EXE

    • Suspicious use of SetThreadContext
