General
-
Target
416e57d288d4d7cc609aa5259429eabb37e48a16bfb2e3106159f42a86c1c63c
-
Size
705KB
-
Sample
230923-pcp6vahb32
-
MD5
adb8be582f7ff6fb881abeb6d8ed0d32
-
SHA1
0b12d0c1903270ca80bd517b14ab0b204ab14a10
-
SHA256
416e57d288d4d7cc609aa5259429eabb37e48a16bfb2e3106159f42a86c1c63c
-
SHA512
223efc2d9ebb1cc06cbb65c69c7fbae1312c9c81241b54da704cf0c6a12cc9b45fd18588942d918dbcd72f8a0dea7547d6018974c3630f33e152cb463923c246
-
SSDEEP
12288:mMrwy90DFNH7DTXW9TnFJ73s+TBRq6T/T8oQqF06LTLT4:iykDbDTXW9zFB+O/T8oQqdU
Malware Config
Targets
-
-
Target
416e57d288d4d7cc609aa5259429eabb37e48a16bfb2e3106159f42a86c1c63c
-
Size
705KB
-
MD5
adb8be582f7ff6fb881abeb6d8ed0d32
-
SHA1
0b12d0c1903270ca80bd517b14ab0b204ab14a10
-
SHA256
416e57d288d4d7cc609aa5259429eabb37e48a16bfb2e3106159f42a86c1c63c
-
SHA512
223efc2d9ebb1cc06cbb65c69c7fbae1312c9c81241b54da704cf0c6a12cc9b45fd18588942d918dbcd72f8a0dea7547d6018974c3630f33e152cb463923c246
-
SSDEEP
12288:mMrwy90DFNH7DTXW9TnFJ73s+TBRq6T/T8oQqF06LTLT4:iykDbDTXW9zFB+O/T8oQqdU
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1