Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
cbfde6ca8896eac31d59d24a5aa5d6b1bae608f4ec4e8fd712c74574568f1502
-
Size
2.6MB
-
Sample
250310-g8y5mawjv3
-
MD5
244dd63a0e731dbb165ef741145ba57a
-
SHA1
f5a79bf24867b7eeb276625f71e5d25e5c17d58b
-
SHA256
cbfde6ca8896eac31d59d24a5aa5d6b1bae608f4ec4e8fd712c74574568f1502
-
SHA512
76216c2a004c1e96b3b507f757e66a167d1050698ad7c24ca2e492cace8c7c4ae762f9011270dbe7d0c61cb7974acfa2c2299f1b489bef5a952dea83121e9071
-
SSDEEP
49152:vwE1zWupmkopPFExcmqG74tWBjI6Ka9r3:4E1zWu4kyP+CmqG74tWaRa9
Malware Config
Targets
-
-
Target
cbfde6ca8896eac31d59d24a5aa5d6b1bae608f4ec4e8fd712c74574568f1502
-
Size
2.6MB
-
MD5
244dd63a0e731dbb165ef741145ba57a
-
SHA1
f5a79bf24867b7eeb276625f71e5d25e5c17d58b
-
SHA256
cbfde6ca8896eac31d59d24a5aa5d6b1bae608f4ec4e8fd712c74574568f1502
-
SHA512
76216c2a004c1e96b3b507f757e66a167d1050698ad7c24ca2e492cace8c7c4ae762f9011270dbe7d0c61cb7974acfa2c2299f1b489bef5a952dea83121e9071
-
SSDEEP
49152:vwE1zWupmkopPFExcmqG74tWBjI6Ka9r3:4E1zWu4kyP+CmqG74tWaRa9
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2