Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
010b1992555965e82a43f5642aaf8ba1.exe
-
Size
556KB
-
Sample
240122-g16jqsabdj
-
MD5
010b1992555965e82a43f5642aaf8ba1
-
SHA1
ae665f4148618c9f48332ed3795cf91326311bb2
-
SHA256
2eefb5dc5aae0ca14290ded3490ec8ae44c88fafdac0b062bacd8b9bd1497eb3
-
SHA512
fb5ec0de2fe64114ee78d7578baebdfe23bc0978a4e35917d3039c057393c8a6eecf1adc82a25e92558ade18fabd205599e4039b16ac2fb0c0ec52e319c3c917
-
SSDEEP
12288:sPf6X60ET/3W+pLzJWN0sMeG5n4Ps6lrjV7qIAxe4I/3YMa2URX:sPHvW+rKGJ4PplDX4OTalRX
Static task
static1
Behavioral task
behavioral1
Sample
010b1992555965e82a43f5642aaf8ba1.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
010b1992555965e82a43f5642aaf8ba1.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
warzonerat
23.106.121.172:2026
Targets
-
-
Target
010b1992555965e82a43f5642aaf8ba1.exe
-
Size
556KB
-
MD5
010b1992555965e82a43f5642aaf8ba1
-
SHA1
ae665f4148618c9f48332ed3795cf91326311bb2
-
SHA256
2eefb5dc5aae0ca14290ded3490ec8ae44c88fafdac0b062bacd8b9bd1497eb3
-
SHA512
fb5ec0de2fe64114ee78d7578baebdfe23bc0978a4e35917d3039c057393c8a6eecf1adc82a25e92558ade18fabd205599e4039b16ac2fb0c0ec52e319c3c917
-
SSDEEP
12288:sPf6X60ET/3W+pLzJWN0sMeG5n4Ps6lrjV7qIAxe4I/3YMa2URX:sPHvW+rKGJ4PplDX4OTalRX
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-