General

  • Target

    9c4d9abf16b3994f884a5bbc542f7dcdcf0febff0531118d3e2846de02dfa91e

  • Size

    694KB

  • Sample

    241111-cz79qatpdn

  • MD5

    7823737a9edc94ef4c04ca56ea1f805d

  • SHA1

    4f7588d3e45a9dfe139094056660412406c1ee44

  • SHA256

    9c4d9abf16b3994f884a5bbc542f7dcdcf0febff0531118d3e2846de02dfa91e

  • SHA512

    380f5a5864aae042b434544ff30d6491aa070b4314433ea2b82f756f85edc32bc385b540dbe029141a1745ce54e96f07ccbf6a858062b06661810f3f990fac45

  • SSDEEP

    12288:Jy902qwcaSJdYpVdeodEG23VpnkKBehP1x3eKHD1Uc5vleu2KfEPqa8+BlEmqo0Y:JyOabH/dEGa9AP1xvHD1UAWKf0q3+jE6

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
