General

  • Target

    805e62c60c0fc996052caad800bfe9de

  • Size

    579KB

  • Sample

    240129-vfsn2agaej

  • MD5

    805e62c60c0fc996052caad800bfe9de

  • SHA1

    a3a8a7d304691894ee8eab7684a134d0ad38bf87

  • SHA256

    91127e1d80f2ac634530968fd69487cd1b919694440ce1d2858577411e33b166

  • SHA512

    66c7f3fc3a5a3d53567d01ec3ccac794e9024e818eb203621effb0a3cb1ba7790a4a0acb1c9fec53500e0102cde1717ed1d5a6837b7e298e8ee566a214623a13

  • SSDEEP

    12288:9UOycCPEyAgcmFcvkrI9rzEs0sxD+ibZD74Djhe4/DIEVuHJub7U2RBVw:OOycpyAJTkEPEs0pibZ3ogeDI7Hkb7BG

Malware Config

Extracted

Family

warzonerat

C2

185.19.85.155:1997

Targets

    • Target

      805e62c60c0fc996052caad800bfe9de

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application
