General

  • Target

    81753d0ff22805a51201089fbe9d563e

  • Size

    412KB

  • Sample

    240130-eyhzjshfak

  • MD5

    81753d0ff22805a51201089fbe9d563e

  • SHA1

    30446f0d7036fa7bbc69b429b66cf7668ffef757

  • SHA256

    7a2efc884ed3f2c590ab5f93423e06ed2451376c980e707698e3c2e5eddecca8

  • SHA512

    2103146dfa0fb4141fbf57e033b5d097e64a4881be0b5913417fec0320ade1d3bb03e8799af9be3ef0cd437de0906b7e1fdd3d707ade61f7a47850f84719d784

  • SSDEEP

    6144:alz0902fTvXqongliaA2lcFJw/WMKo8klOq83t6QKX3xQtPmCX4A2jbZaa8:aybvTgliaA2YwJoU1x+X4A2Za/

Malware Config

Extracted

Family

warzonerat

C2

duck50501.hopto.org:50501

Targets

    • Detect ZGRat V1

    • Detects BazaLoader malware

      BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Warzone RAT payload

    • Suspicious use of SetThreadContext
