General

  • Target

    ac18d9da9135fd1ae1dd701a76f33c25

  • Size

    507KB

  • Sample

    240228-rpyd4adf72

  • MD5

    ac18d9da9135fd1ae1dd701a76f33c25

  • SHA1

    d4f4e58e4f85fbdfa68fa11e8c4766844c96f63c

  • SHA256

    d8e6ae61fefe2f312f15fddf23fcdcba6ea02bc3cc1a1b4566e03130512c9882

  • SHA512

    eaab4f765994471cbb0fcb10bee6c5b2306d26d23d27b4f6b1bbb2d711b0ca07218e0b617341466bbe9a0a1143c16fa5009bc4bcc6d23a8142e8441b30e5f98c

  • SSDEEP

    12288:0IPHb0IoX/9fSp3TRCQeQEkNWkXgQSEwBV:0W0IovUDQ9QEkN1XgPEwBV

Malware Config

Extracted

  • Family

    warzonerat

  • C2

    91.92.120.132:5200

Targets

    • UAC bypass

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Windows security bypass

    • Warzone RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Windows security modification

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
