Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

bb6af94db4...78.exe

windows7-x64

10

bb6af94db4...78.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bb6af94db448e5a030dbcf2299c11359cd28acb6d56a2d8a0750e3a62bf8e678

  • Size

    2.9MB

  • Sample

    240425-c2rpradg23

  • MD5

    cec533685df238ca2c999bb4458eca65

  • SHA1

    9b50e4d10b75d73b8102180a2a43a2cc91afc045

  • SHA256

    bb6af94db448e5a030dbcf2299c11359cd28acb6d56a2d8a0750e3a62bf8e678

  • SHA512

    7dbca1534603f331c3955c38162068c11f87738378d8664b3ea97ce861126e0322e827234e616b596619cfeae655554729bd30be2b778927cd91351ca9759007

  • SSDEEP

    24576:bTO7AsmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHq:bTO7Asmw4gxeOw46fUbNecCCFbNecT

Score
10/10
warzoneratinfostealerpersistencerat

Malware Config

Targets

    • Target

      bb6af94db448e5a030dbcf2299c11359cd28acb6d56a2d8a0750e3a62bf8e678

    • Size

      2.9MB

    • MD5

      cec533685df238ca2c999bb4458eca65

    • SHA1

      9b50e4d10b75d73b8102180a2a43a2cc91afc045

    • SHA256

      bb6af94db448e5a030dbcf2299c11359cd28acb6d56a2d8a0750e3a62bf8e678

    • SHA512

      7dbca1534603f331c3955c38162068c11f87738378d8664b3ea97ce861126e0322e827234e616b596619cfeae655554729bd30be2b778927cd91351ca9759007

    • SSDEEP

      24576:bTO7AsmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHq:bTO7Asmw4gxeOw46fUbNecCCFbNecT

    Score
    10/10
    warzoneratinfostealerpersistencerat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Detects executables packed with ASPack

    • Warzone RAT payload

      rat

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks