Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

617546d49d...79.exe

windows7-x64

10

617546d49d...79.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    617546d49d79d5b574c832ab13cbae0f2da1b77db907814c90dd766a4c9c6179

  • Size

    1.8MB

  • Sample

    241220-awh5bavjey

  • MD5

    6926365f2530df4137a481477d0068a5

  • SHA1

    dcb4bd3cc01cd5896a2880262d44c73d0b25739c

  • SHA256

    617546d49d79d5b574c832ab13cbae0f2da1b77db907814c90dd766a4c9c6179

  • SHA512

    243595cdc75cbf9c18ea10738f9fcb37ea34456a01cdbd034ed5513a2577148a279974f81a17c68435fee2ad8e246a9f0bebeca2919e5c3ab60c3c88d61c7219

  • SSDEEP

    12288:Q99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSG9dA7W2FeDSIGVH/KIDgc:k1gg4CppEI6GGfWDkMQDbGV6eH8tkR

Score
10/10
warzoneratdiscoveryevasioninfostealerpersistencerat

Malware Config

Targets

    • Target

      617546d49d79d5b574c832ab13cbae0f2da1b77db907814c90dd766a4c9c6179

    • Size

      1.8MB

    • MD5

      6926365f2530df4137a481477d0068a5

    • SHA1

      dcb4bd3cc01cd5896a2880262d44c73d0b25739c

    • SHA256

      617546d49d79d5b574c832ab13cbae0f2da1b77db907814c90dd766a4c9c6179

    • SHA512

      243595cdc75cbf9c18ea10738f9fcb37ea34456a01cdbd034ed5513a2577148a279974f81a17c68435fee2ad8e246a9f0bebeca2919e5c3ab60c3c88d61c7219

    • SSDEEP

      12288:Q99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSG9dA7W2FeDSIGVH/KIDgc:k1gg4CppEI6GGfWDkMQDbGV6eH8tkR

    Score
    10/10
    warzoneratdiscoveryevasioninfostealerpersistencerat

    • Modifies WinLogon for persistence

      persistence

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzonerat family

      warzonerat

    • Warzone RAT payload

      rat

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.