General

  • Target

    83cf1c8f4ccefbaf6881bf3d47236184

  • Size

    402KB

  • Sample

    240131-h7j5rafbf9

  • MD5

    83cf1c8f4ccefbaf6881bf3d47236184

  • SHA1

    81b2b3c9962892d5a4d7bcd9c8a51ab02a8809bb

  • SHA256

    5b185af278fe0bdf4ed8724f98efa63f50c2bfc5a3d704d31e7a1d08a8089d39

  • SHA512

    0d91b62501faf983bfcd54718f1ca031e69cfc2bb0251dc5a09aa765eae4be741f1b2116baba70e096569a69214b80886f8ab67ee5b50cbbe7762663cd586e39

  • SSDEEP

    12288:it2LMr2rKMDtGaMjxmovL9QVIvDWxWd6hg:qkMIxGasdZQ/9y

Malware Config

Extracted

Family

warzonerat

C2

sdafsdffssffs.ydns.eu:6703

Targets

    • Detect ZGRat V1

    • Detects BazaLoader malware

      BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Warzone RAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
