General

  • Target

    8102275c886875543a28a56edd9215f8

  • Size

    13.0MB

  • Sample

    240129-2afkvacab9

  • MD5

    8102275c886875543a28a56edd9215f8

  • SHA1

    451e70fb4b00605102038935744532d436a73f15

  • SHA256

    c88972c80db4fd3a9b15a9ed8d95688be6a1cfbce5030f55f06c596e32d8c785

  • SHA512

    af1bbf841e6cc05e26965a9e3d7fff81fb1e8d6c4a751922356743e104f2060163534aa0489ae53e4687b79fc34d3cfd7c59884cfb8d1fe572c1e1fb5c6a74b9

  • SSDEEP

    196608:yU7d9xZSt4U7d9xZStSU7d9xZSt4U7d9xZSt9:D7d9xZo7d9xZS7d9xZo7d9xZC

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
