Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

b6bfb3a595...a2.exe

windows7-x64

10

b6bfb3a595...a2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b6bfb3a595ea2714a2d8d705f2f299a2

  • Size

    579KB

  • Sample

    240306-hcvm1aee43

  • MD5

    b6bfb3a595ea2714a2d8d705f2f299a2

  • SHA1

    d505e3c4b189bfd4227c2b4f995b6212b7056a13

  • SHA256

    53891d71761c7942e9f0a4a425b50a7e41ac0272cdaa73dfea49a099e583cf8a

  • SHA512

    05efb606cb7e1066c64bc6a0080df1f62cd7b052e2cc4adbe75341a5b94860b25de62f23d702b4993de8199956d812d5c3a8658a8ca4b47ffe7788ca07c53f12

  • SSDEEP

    12288:FUOycCPEyAgcmFcvkrI9rzEs0sxD+ibZD74Djhe4/DIEVuHJub7U2RBV+:2OycpyAJTkEPEs0pibZ3ogeDI7Hkb7Bo

Score
10/10
warzoneratinfostealerpersistenceratupx

Malware Config

Extracted

Family

warzonerat

C2

185.19.85.155:1997

Targets

    • Target

      b6bfb3a595ea2714a2d8d705f2f299a2

    • Size

      579KB

    • MD5

      b6bfb3a595ea2714a2d8d705f2f299a2

    • SHA1

      d505e3c4b189bfd4227c2b4f995b6212b7056a13

    • SHA256

      53891d71761c7942e9f0a4a425b50a7e41ac0272cdaa73dfea49a099e583cf8a

    • SHA512

      05efb606cb7e1066c64bc6a0080df1f62cd7b052e2cc4adbe75341a5b94860b25de62f23d702b4993de8199956d812d5c3a8658a8ca4b47ffe7788ca07c53f12

    • SSDEEP

      12288:FUOycCPEyAgcmFcvkrI9rzEs0sxD+ibZD74Djhe4/DIEVuHJub7U2RBV+:2OycpyAJTkEPEs0pibZ3ogeDI7Hkb7Bo

    Score
    10/10
    warzoneratinfostealerpersistenceratupx

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks