General

  • Target

    e35c7311dd3f58894753ae7bee76ef59c6ab5da98bedc6e45b894d17dbc25aff

  • Size

    1.0MB

  • Sample

    231003-a9swnshc42

  • MD5

    3eedd8c2b83215c3ec112f7435885845

  • SHA1

    3cb036d04d2ca463dda536173ec07e47d086e715

  • SHA256

    e35c7311dd3f58894753ae7bee76ef59c6ab5da98bedc6e45b894d17dbc25aff

  • SHA512

    2c5d6c6109ea8c99f6831fed8e08cb1205da366e1ef4f3b6cec33f077bbe9cc10b134c3aa0db10f12944b19314dbe54d2a570c9524eb49217448c281973fd924

  • SSDEEP

    24576:6yOG4QuWAGfWjZQiYBm6GtwDm07WeGJA13lu2BeApmXzm:BjNuWqjZ14+wi0rGJA13oOfpmj

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks