General

  • Target

    WarzoneRAT.exe

  • Size

    321KB

  • Sample

    241205-hrsf7atlex

  • MD5

    600e0dbaefc03f7bf50abb0def3fb465

  • SHA1

    1b5f0ac48e06edc4ed8243be61d71077f770f2b4

  • SHA256

    61e6a93f43049712b5f2d949fd233fa8015fe4bef01b9e1285d3d87b12f894f2

  • SHA512

    151eebac8f8f6e72d130114f030f048dff5bce0f99ff8d3a22e8fed7616155b3e87d29acf79f488d6b53ed2c5c9b05b57f76f1f91a568c21fe9bca228efb23d9

  • SSDEEP

    6144:62GhN2db088fTdUuNU0we+HPps1zcJLVPzGKfwQ7PHC3NJTyhtPB1m:62iNG088fTWsU0wJBsGJPf4Q7PHC3NJ8

Malware Config

Extracted

Family

warzonerat

C2

168.61.222.215:5400

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzonerat family

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Warzone RAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext
