General

  • Target

    80bbbd1f11256c586b9c1a136a11c1dcfd4608437842282f17f66aa7c0eef6c0

  • Size

    612KB

  • Sample

    241111-cl4dlstlcp

  • MD5

    9ca362ecb23fb9ddc9f7cff1b93b31e8

  • SHA1

    47e2b620d745883a77643fda6d8d1e53b34d9dfb

  • SHA256

    80bbbd1f11256c586b9c1a136a11c1dcfd4608437842282f17f66aa7c0eef6c0

  • SHA512

    1590e9e85c81af709770296325952cd2fe0dd3211672e0adb2d12e8c317c9378b6470f8134a8ebbf5561f37d7819608df2b3a72487b3380805c7a5d38b7ea6dd

  • SSDEEP

    12288:Ky904QFrBPepLNx653pjqJSNCSHK7DwOYaKwq2VbaJQ:KyVMWNxupjZDHK7DlYaPHaJQ

Malware Config

Targets

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer is an antivirus-disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks