General

  • Target

    unpacked.exe

  • Size

    113KB

  • Sample

    240129-kk6rcaeae6

  • MD5

    23ca02d6eac5914157aca2a48d95e35b

  • SHA1

    ff152a0ee7464732af7eb21f586a1c0f1f5ee929

  • SHA256

    94f836d1cd5bfe8a245a0b66076c86506f53b2fae38ed5da7b2f13cfa07b6cac

  • SHA512

    a318e363826ac103637c77cd35be7c3c6e8b51289ea030bcb52dd5e61300d85cf4c956117fa8d6469efebee420c895694b0acb82d61bf12e65783f0fda6cda3f

  • SSDEEP

    1536:h0jP7/L1B5rVmN8sxHv2M28ix8EUaJxWZoB4u0OVE01:K1VmhaH8EFvW+0OVE0

Malware Config

Extracted

Family

warzonerat

C2

43.230.202.77:4568

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles
