General
-
Target
f7fc6f165bfbe28b9961e8afe3c250dfd80399753342eb6f411ac83a300ac7d4
-
Size
933KB
-
Sample
230923-1t7yrscc98
-
MD5
36238c0cd743c3e59c2850918485ff06
-
SHA1
c1f3a83c59ae9f209bb56bde695590f5dbeb10ea
-
SHA256
f7fc6f165bfbe28b9961e8afe3c250dfd80399753342eb6f411ac83a300ac7d4
-
SHA512
822b78b01ee7c1241fcbc9e5b29c75eaf80835bd2210215cbf06c3c7ade9c14379f75317e54a3c37f96d3c958574ba12241f02a6a3515adfa2531c14bf6293ad
-
SSDEEP
12288:KMrxy90GxG17OeI/FlC+TaJjWduJ5fmmTcXAq1zMVB9vrdLRLYX70Xd+4upiVUeH:LyL4OR/FlMlWsXfjof4NzqIUecpnmUm
Malware Config
Targets
-
-
Target
f7fc6f165bfbe28b9961e8afe3c250dfd80399753342eb6f411ac83a300ac7d4
-
Size
933KB
-
MD5
36238c0cd743c3e59c2850918485ff06
-
SHA1
c1f3a83c59ae9f209bb56bde695590f5dbeb10ea
-
SHA256
f7fc6f165bfbe28b9961e8afe3c250dfd80399753342eb6f411ac83a300ac7d4
-
SHA512
822b78b01ee7c1241fcbc9e5b29c75eaf80835bd2210215cbf06c3c7ade9c14379f75317e54a3c37f96d3c958574ba12241f02a6a3515adfa2531c14bf6293ad
-
SSDEEP
12288:KMrxy90GxG17OeI/FlC+TaJjWduJ5fmmTcXAq1zMVB9vrdLRLYX70Xd+4upiVUeH:LyL4OR/FlMlWsXfjof4NzqIUecpnmUm
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1