Behavioral task: behavioral1
Sample: 2824-27-0x0000000000400000-0x000000000055A000-memory.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 2824-27-0x0000000000400000-0x000000000055A000-memory.exe
Resource: win10v2004-20231215-en
General
Target: 2824-27-0x0000000000400000-0x000000000055A000-memory.dmp
Size: 1.4MB
MD5: fb4647eabf32ab636eab6d008b42536e
SHA1: 6fdac39ae4e8c2251b1902aecd3a9cac3f71e2e2
SHA256: db74fb33d644d1e5f6e9c5f876a272eca29357261f58272cbfee3bb2d338566c
SHA512: f79242ef09799e9bdc2506c3bd532963bf51067a9dc98aefe633ad1663e2ccdab264aa25e9c6dcf1e188af67beda5cf93ac0cfc74d1ac3f0dab40fdc8a8e3336
SSDEEP: 3072:K7W9jps0Tx4azG6GweOTir5axbjhCz45LT7a:KwpsERzGKurETCzeLT7a
Malware Config
Extracted
warzonerat
74.50.93.170:4040
Signatures
- Warzone RAT payload (1 IoCs)
  resource: sample, yara_rule: warzonerat
- Warzonerat family
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: 2824-27-0x0000000000400000-0x000000000055A000-memory.dmp
Files
-
2824-27-0x0000000000400000-0x000000000055A000-memory.dmp.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.bss Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ