General
Target: babbb.exe
Size: 764KB
Sample: 240128-p9qtmsdafn
MD5: 5040eb019a579d7d5b583ccc285c2732
SHA1: 9a689878c6aee62a6f5f6634d05d999f543365bb
SHA256: 0bf6ae6361d96420e17922aca4af1f02ab2f3f01d67cd14148f187fd2de4f51b
SHA512: c4efdb54a752e309a574b9a769f5b2365f65ee1690e322bb6364e288c5f8f3196eb4b5122979af517706d463c6f2291d05ca664b8a1d22c2abc6feed5b6c223f
SSDEEP: 6144:F1NBdGYC2Ri6+GpplN8HTy4KV/ftexpq01Tek9TaASdJW6Di:F1N7GYtRi6Hczy4KJl+ekdaBJWF
Static task: static1
Behavioral task: behavioral1
  Sample: babbb.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: babbb.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted
warzonerat
bossnew.ddns.net:1001
Targets
Target: babbb.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext