General
-
Target
d1ebfffb918cb931ae8e6ef5546b9efa
-
Size
640KB
-
Sample
240130-jkzscschbj
-
MD5
d1ebfffb918cb931ae8e6ef5546b9efa
-
SHA1
325c8470cce00044d8a2ff9281c2ecc4223ab011
-
SHA256
82024edb19dae637e9af2940bbbf5e10fc8ad04deece28d610474e993ee3450e
-
SHA512
13c4d69c4deddc518ed5583d4f42817dad51802df27599524bb53dbdd9a58c1337eae541425c27ed1151f0e0f7ee05797b01ea612fcdc1a047aafd332881f3da
-
SSDEEP
12288:LZV+d9SCF1ORqY9KWXhrgT4/ZneqcMkgw45GT5bBjjtwA8mon:LZV+d9Z0wWXh0T4/AqcMki5oBO1fn
Static task
static1
Behavioral task
behavioral1
Sample
d1ebfffb918cb931ae8e6ef5546b9efa.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
d1ebfffb918cb931ae8e6ef5546b9efa.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
warzonerat
wz-lk.giftsbybierd.com:4434
Targets
-
-
Target
d1ebfffb918cb931ae8e6ef5546b9efa
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-