Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

vstdlib_s64.dll

windows7-x64

10

vstdlib_s64.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vstdlib_s64.dll.exe

  • Size

    9.9MB

  • Sample

    250303-nq9lzaxkz3

  • MD5

    7c0ba42678e4fb97377fb0808a6b9c30

  • SHA1

    d97a745bb3329fcf8cfe36e0665b246220d95bd6

  • SHA256

    5df209e90d787b7a84e17f8f7d393e325a96beb8bb6c7cb895dc301140b38c9c

  • SHA512

    b455f8b3ced28635b0b3ff90f5929c7128dae915a58b862f63158909305c55485445797fa432f836c220c6ee1ab28f8361954dc469c5bde0b90ee182235cbe9c

  • SSDEEP

    196608:b1iPLvapRf0e4qYFkfCZlvdND/pPGqfM:xiPW/f475lHD/p+q

Score
10/10
warzoneratcollectiondiscoveryinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

198.46.177.153:4532

Targets

    • Target

      vstdlib_s64.dll.exe

    • Size

      9.9MB

    • MD5

      7c0ba42678e4fb97377fb0808a6b9c30

    • SHA1

      d97a745bb3329fcf8cfe36e0665b246220d95bd6

    • SHA256

      5df209e90d787b7a84e17f8f7d393e325a96beb8bb6c7cb895dc301140b38c9c

    • SHA512

      b455f8b3ced28635b0b3ff90f5929c7128dae915a58b862f63158909305c55485445797fa432f836c220c6ee1ab28f8361954dc469c5bde0b90ee182235cbe9c

    • SSDEEP

      196608:b1iPLvapRf0e4qYFkfCZlvdND/pPGqfM:xiPW/f475lHD/p+q

    Score
    10/10
    warzoneratcollectiondiscoveryinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzonerat family

      warzonerat

    • Warzone RAT payload

      rat

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks