General

  • Target

    8320d990377c8e9f565f76088bf69a6b

  • Size

    1.0MB

  • Sample

    240131-b8llmsbabn

  • MD5

    8320d990377c8e9f565f76088bf69a6b

  • SHA1

    e6ca3b89a5bed5d296a2ff269baebbd62454a47d

  • SHA256

    c9101673c9067dc94509d5e5c2ee41274baf4e34867c700855f95cb3ff164f19

  • SHA512

    95101a7807c977a29d2fdec027c81c79800a6bb2f0a45a8158cdf7ae86ce6ef95fcd0061f43652942cac9a1fc4e876e7cad13b7410981f3be136326b3386ed0b

  • SSDEEP

    12288:LyWozxrjTwg1HxbJnRjRgXE95kc2NTYI:1oVrjLRbHdgU7knN/

Malware Config

Extracted

Family

warzonerat

C2

warzonepw.ddns.net:6476

Targets

    • Target

      8320d990377c8e9f565f76088bf69a6b

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext
