General

  • Target

    ccb9086fc1709485302ec90d7f960e13db4844caef664fe940d4d6def976d1f3.bin.sample.gz

  • Size

    284KB

  • Sample

    230918-s5ga7aac9y

  • MD5

    5d3da8da2f235b8ac3c109a575b2a6bd

  • SHA1

    1a9a200b8c1c3ca546ac44816ad8c71e90ea1d80

  • SHA256

    1cef7f08118986301aa1ae41eedc757dcb2ac2160b2e0aa7ad0ebf5c2d9d8c6b

  • SHA512

    47f4ad99766eae4beb475e40be50ca00808b509aeb381fc87b3dade35658a0d18fef22dfa9c3443981e1c5ff3a37bd7099fb78b9a7578fa575eb8620e296dd78

  • SSDEEP

    6144:qngUgZ/nyY6N907O2WnuXiyziFTVTqyrNvj3GGR3ZzZphyH3:qgThyY6907LWnuiyzwTdqyBr/3lZp83

Targets

    • Target

      sample

    • Size

      328KB

    • MD5

      2ce2b22c19530551c888b9e300ec7f18

    • SHA1

      fe0cbb415ce1c51b2219b910f8c96566bfcbfab2

    • SHA256

      ccb9086fc1709485302ec90d7f960e13db4844caef664fe940d4d6def976d1f3

    • SHA512

      be5a16f1f066a6590f711940e5758afc0f2354ba195adcefdf6e3dd07ea681a777146b5a9b3d59fdac651716c78754edd9cdf9fbb1974310b90b21d90408b2e1

    • SSDEEP

      6144:Kly+bnr+7p0yN90QE0Q5xeyziFHV7qyrxvjfTiwEZ3ZvzpheB:DMrPy90TeyzwHJqydrr83Nzp8

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
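
The signatures above (Defender real-time protection tampering and a Run-key persistence entry) are the two that a responder can confirm on a host without the sandbox. The script below is an added host-triage example, not part of the tria.ge report or of any Healer analysis: it verifies that a file on disk is the extracted sample listed under Targets (by the report's SHA256), then reads the Defender Real-Time Protection policy values and the Run/RunOnce keys that these signatures correspond to. The sample path is an assumption; the registry locations are the standard Defender policy and Run-key paths.

```powershell
# Added host-triage example for the behaviours flagged in the report.
# Not part of tria.ge or the sample. Assumes a Windows host where the
# sample may have run; $SamplePath is an assumed location of the
# extracted file (the .gz target's inner 328KB sample).
param(
    [string]$SamplePath = 'C:\triage\sample.bin'   # assumed location
)

# SHA256 of the extracted sample from the report's Targets section
$ReportSha256 = 'ccb9086fc1709485302ec90d7f960e13db4844caef664fe940d4d6def976d1f3'

# 1. Confirm the file on disk is the sample the report describes
if (Test-Path -Path $SamplePath) {
    $h = (Get-FileHash -Path $SamplePath -Algorithm SHA256).Hash.ToLower()
    if ($h -eq $ReportSha256) { "[+] $SamplePath matches report SHA256" }
    else { "[-] $SamplePath SHA256 $h does not match the report" }
}

# 2. "Modifies Windows Defender Real-time Protection settings"
#    Defender honours these policy values; a value of 1 turns the
#    corresponding protection component off.
$RtpKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection',
    'HKLM:\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection'
)
$RtpValues = 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
             'DisableOnAccessProtection', 'DisableIOAVProtection',
             'DisableScanOnRealtimeEnable'
foreach ($k in $RtpKeys) {
    $p = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if (-not $p) { continue }
    foreach ($v in $RtpValues) {
        if ($p.PSObject.Properties[$v] -and $p.$v -eq 1) {
            "[!] $k\$v = 1 (protection component disabled)"
        }
    }
}

# Cross-check against Defender's own effective configuration
# (Get-MpPreference is only present where Defender is installed).
$mp = Get-MpPreference -ErrorAction SilentlyContinue
if ($mp -and $mp.DisableRealtimeMonitoring) {
    "[!] Get-MpPreference reports DisableRealtimeMonitoring = True"
}

# 3. "Adds Run key to start application"
#    List every Run/RunOnce entry with its command line; a dropped EXE
#    under a user-writable directory is flagged for a closer look.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($k in $RunKeys) {
    $p = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if (-not $p) { continue }
    $p.PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS' } |   # skip PSPath/PSParentPath etc.
        ForEach-Object {
            $cmd  = [string]$_.Value
            $flag = if ($cmd -match '\\(AppData|Temp|ProgramData)\\') { '[!]' } else { '[ ]' }
            "$flag $k\$($_.Name) -> $cmd"
        }
}
```

Run it from an elevated prompt so the HKLM policy keys are readable. A `[!]` line under step 2 means real-time protection was switched off by policy rather than by the user through the Security Center UI, which is the pattern the "Modifies Windows Defender Real-time Protection settings" signature describes; a `[!]` Run entry pointing into AppData or Temp is the usual shape of a dropped EXE registered for autostart, and its target file is what you would hash and submit next.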

MITRE ATT&CK Enterprise v15

Tasks