General

  • Target

    8233910c5b0fe9b4aa55c4f2263aebb4

  • Size

    3.0MB

  • Sample

    240130-mhyztsfdej

  • MD5

    8233910c5b0fe9b4aa55c4f2263aebb4

  • SHA1

    d7459b1c29c2db9b0d978b51bd8df0cd7abc3575

  • SHA256

    b0055410b3532760da065b33ac487f42f31c90ffc60f88ac3ed8a22e53240d52

  • SHA512

    5039622534051087f5d5030c76951fc32f7133445571b686555cf2666eb2fa6e91ee741d7df359bc9e803ce99dcf8518cefc7eaf0bc30ceeeb81320015609960

  • SSDEEP

    49152:xciEFdI0asyK7UAmqdLJIi9bKv8zh7gos4y5:xcbFdIbBK7UAmqdVIipu8zh7gt4

Malware Config

Extracted

Family

warzonerat

C2

194.5.97.52:11101

Targets

    • Target

      8233910c5b0fe9b4aa55c4f2263aebb4

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
