General

  • Target

    6ed69e2af01630bcb884b446021ef530

  • Size

    1.3MB

  • Sample

    240122-f5fcnshcgj

  • MD5

    6ed69e2af01630bcb884b446021ef530

  • SHA1

    9ec5c3414408f809fe63f457b5d5aedf470f6d71

  • SHA256

    c676b612a9713d60f6768e98512221bbdc834b403d3510f1218be63c16d810a7

  • SHA512

    d649b9c8f54768be746ca62c849e3c1014af582c0a0f925bb8e4384d856e34a65fd03cfab5d34b2bf95914c9cd64f1b20ab9ab556374738e7cf1d2ace9e0b5eb

  • SSDEEP

    24576:sZRJHvkJX10cLgfgSmhOi6b93gLc5Xy9UpJJbiCiaClV:sfJcrEIzAiY9dMCJJX5q

Malware Config

Extracted

Language
xlm4.0
Source

Extracted

Family

warzonerat

C2

37.0.10.166:5200

Targets

    • Target

      6ed69e2af01630bcb884b446021ef530

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Executes dropped EXE

    • Loads dropped DLL
