General

  • Target

    d1ebfffb918cb931ae8e6ef5546b9efa

  • Size

    640KB

  • Sample

    240130-jkfdqabec8

  • MD5

    d1ebfffb918cb931ae8e6ef5546b9efa

  • SHA1

    325c8470cce00044d8a2ff9281c2ecc4223ab011

  • SHA256

    82024edb19dae637e9af2940bbbf5e10fc8ad04deece28d610474e993ee3450e

  • SHA512

    13c4d69c4deddc518ed5583d4f42817dad51802df27599524bb53dbdd9a58c1337eae541425c27ed1151f0e0f7ee05797b01ea612fcdc1a047aafd332881f3da

  • SSDEEP

    12288:LZV+d9SCF1ORqY9KWXhrgT4/ZneqcMkgw45GT5bBjjtwA8mon:LZV+d9Z0wWXh0T4/AqcMki5oBO1fn

Malware Config

Extracted

Family

warzonerat

C2

wz-lk.giftsbybierd.com:4434

Targets

    • Target

      d1ebfffb918cb931ae8e6ef5546b9efa

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
