General

  • Target

    c59c4f73797542b8455736e9145903c70aad99727ca341f3d517065cfa4d0a9c

  • Size

    1.0MB

  • Sample

    231002-3fy5taha47

  • MD5

    71d09309522dded131061e70870e909d

  • SHA1

    935743ea747df79a75f0b0786b38822e7a4048eb

  • SHA256

    c59c4f73797542b8455736e9145903c70aad99727ca341f3d517065cfa4d0a9c

  • SHA512

    3b3b54f6e7586d5fab067f2d7059484dd84b60b0d50ca6c48658f4a206a2026645a9c7c65fbd343cce5e361a94ecbf45e4c58a91271a7e9f16b88e67c3ed0593

  • SSDEEP

    24576:OykgsqPvI3VZxIfqnmEZbYEOXmEku8kDN1BqHtBnUuc7RFJd:dfI3VZicmEZFOfktkDjBqNKZF

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
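
The two registry behaviours listed above (Windows Defender real-time protection being switched off, and a Run key added for persistence) are the ones a detection engineer would turn into a rule first. The block below is an added example, not part of the sandbox report and not code from the Healer sample: it parses constructed Sysmon-style registry value-set events (Event ID 13) and flags both behaviours. The event lines, image paths and the list of Defender value names watched are assumptions made for illustration; the Windows Defender Real-Time Protection key and the Run/RunOnce keys are the standard Windows locations.

```python
"""Detection logic for the report's registry signatures, run over constructed
Sysmon Event ID 13 (RegistryEvent, value set) lines.

Added example; not part of the sandbox report. All event lines below are
constructed for illustration, not taken from the sample's execution trace.
"""
import re

# Defender policy values an "antivirus disabler" typically sets to 1.
# The key suffix matches both HKLM\SOFTWARE\Policies\Microsoft\Windows Defender
# and HKLM\SOFTWARE\Microsoft\Windows Defender. The value-name list is an
# assumption about what to watch, not content of the report.
DEFENDER_RTP_KEY_SUFFIX = r"\windows defender\real-time protection"
DEFENDER_DISABLE_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
# Any value written directly under ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE
)
# Simplified "key=value" rendering of the Sysmon fields used here (assumed format).
EVENT_RE = re.compile(
    r"EventID=(?P<id>\d+)\s+Image=(?P<image>.+?)\s+"
    r"TargetObject=(?P<target>.+?)\s+Details=(?P<details>.*)$"
)

# Constructed sample events: one Defender tamper, one Run-key write, one
# unrelated write, one benign Defender write (value 0), one key-create event.
SAMPLE_EVENTS = [
    r"EventID=13 Image=C:\Users\user\AppData\Local\Temp\dropped.exe "
    r"TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring "
    r"Details=DWORD (0x00000001)",
    r"EventID=13 Image=C:\Users\user\AppData\Local\Temp\dropped.exe "
    r"TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater "
    r"Details=C:\Users\user\AppData\Roaming\updater.exe",
    r"EventID=13 Image=C:\Windows\System32\svchost.exe "
    r"TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LastLogOffEndTimePerfCounter "
    r"Details=Binary Data",
    r"EventID=13 Image=C:\Program Files\Windows Defender\MsMpEng.exe "
    r"TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring "
    r"Details=DWORD (0x00000000)",
    r"EventID=12 Image=C:\Users\user\AppData\Local\Temp\dropped.exe "
    r"TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection "
    r"Details=",
]


def parse_event(line):
    """Parse one event line into a dict, or None if it does not match the format."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["id"] = int(ev["id"])
    return ev


def dword_value(details):
    """Sysmon renders DWORD data as 'DWORD (0x00000001)'; return the int or None."""
    m = re.match(r"DWORD \(0x([0-9a-fA-F]{8})\)", details)
    return int(m.group(1), 16) if m else None


def classify(ev):
    """Return a finding name for a registry value-set event, or None."""
    if ev is None or ev["id"] != 13:
        return None
    target = ev["target"]
    key, _, value_name = target.rpartition("\\")
    # Defender real-time protection disabled: known value under the RTP key set to 1.
    if key.lower().endswith(DEFENDER_RTP_KEY_SUFFIX) and value_name in DEFENDER_DISABLE_VALUES:
        if dword_value(ev["details"]) == 1:
            return "defender_realtime_protection_disabled"
    # Persistence: any value written under a Run/RunOnce key.
    if RUN_KEY_RE.search(target):
        return "run_key_persistence"
    return None


def scan(lines):
    """Return (finding, image, target, details) tuples for every flagged event."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        name = classify(ev)
        if name:
            findings.append((name, ev["image"], ev["target"], ev["details"]))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(" | ".join(finding))
```

On a real host the same logic applies to Sysmon's XML event fields; the Defender check deliberately requires the value to be 1, so a management tool resetting it to 0 (the fourth constructed event) is not flagged, and a bare key-create (Event ID 12) is ignored because the tamper is only evidenced by the value write.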

MITRE ATT&CK Enterprise v15

Tasks