General

  • Target

    ac18d9da9135fd1ae1dd701a76f33c25

  • Size

    507KB

  • Sample

    240228-rpyd4adf72

  • MD5

    ac18d9da9135fd1ae1dd701a76f33c25

  • SHA1

    d4f4e58e4f85fbdfa68fa11e8c4766844c96f63c

  • SHA256

    d8e6ae61fefe2f312f15fddf23fcdcba6ea02bc3cc1a1b4566e03130512c9882

  • SHA512

    eaab4f765994471cbb0fcb10bee6c5b2306d26d23d27b4f6b1bbb2d711b0ca07218e0b617341466bbe9a0a1143c16fa5009bc4bcc6d23a8142e8441b30e5f98c

  • SSDEEP

    12288:0IPHb0IoX/9fSp3TRCQeQEkNWkXgQSEwBV:0W0IovUDQ9QEkN1XgPEwBV

Malware Config

Extracted

Family

warzonerat

C2

91.92.120.132:5200

Targets

    • UAC bypass

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Windows security bypass

    • Warzone RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Windows security modification

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext