General

  • Target

    product list and specification.xls

  • Size

    273KB

  • Sample

    240130-hzc2gacdfq

  • MD5

    d372ad70b1aa9e46b21e2ebfcd71f9a0

  • SHA1

    a7c747634398db8043be97f6ccdf8c56b34c3f14

  • SHA256

    9fb885a66da2ed08983a46519b97dc55e002913f859dfa1e54917f63e4d7f8f4

  • SHA512

    4f5df836a4f9dd849898b39940714ce05b45790682998172488a2e6f706962b6567746396bc273d35323560d97934a5515748a2a2f2030dafdeadbb2ab9f0ddb

  • SSDEEP

    6144:vYunXY35qAOJl/YrLYz+WrNhZF+E+fgL+0dD8ivSbVQUMIeXgj0QH1iXYDb9tTCd:vBa3bVQUMIeXgj0QH1d/9t

Malware Config

Extracted

Family

warzonerat

C2

wz-lk.giftsbybierd.com:4434

Targets

    • Target

      product list and specification.xls

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Downloads MZ/PE file
