General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.5180.2031

  • Size

    543KB

  • Sample

    240122-g9kcvsafe9

  • MD5

    a3f119126467007efece97b7c10eef72

  • SHA1

    b1c60c3e5aa31438d8eab02577f0ef2ae2928848

  • SHA256

    723b662d2e2310934a0ee26a0b1b5bc790d80b13ce7db9970a0abc8d294c9496

  • SHA512

    7ae43c26856a05b6880cc21b935496c6d6340f0d8cbae2a2bb71c0eff5f4bb7a15366e2188b8db68209e1403ead38d4960b375f391415dbd7941cc9b81e61f1d

  • SSDEEP

    12288:Whm+BgnuZAeBhwZO1Dg45sTG4Gk2Zii+PZzCTPPmy5RN:OuuZhBhf1Dg45sTGdoi+hz27n

Malware Config

Extracted

Family

warzonerat

C2

84.38.132.126:59937

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15