General

  • Target

    ade760f217750dbf205ad873d7c5c3f0b814d3e3812937bacc695f3ebd80fa15

  • Size

    1.0MB

  • Sample

    231003-bh1mwafd9s

  • MD5

    9468037eaf892da4e6627be0bfc5f48a

  • SHA1

    24723d9bca7c6570bddb7852285263fab0b8ac8b

  • SHA256

    ade760f217750dbf205ad873d7c5c3f0b814d3e3812937bacc695f3ebd80fa15

  • SHA512

    b7baf75ce2e4de005bcf620f4a7860dcce9de34764995487f4aaeaeeb37b25a2dc2c4b2cd99d7c6e6f16d0b43909d5eddf18246ffcd08996a78d08f8bab831b5

  • SSDEEP

    24576:dyA2KoAK3aRTlinRaPHUsnvFe5YTbkZVqm1L8RcZ8s2xTS8LKwHX0:41fwZ8MTnwXLgcKpxTS8Wy

Malware Config

Targets

    • Target

      ade760f217750dbf205ad873d7c5c3f0b814d3e3812937bacc695f3ebd80fa15

    • Size

      1.0MB

    • MD5

      9468037eaf892da4e6627be0bfc5f48a

    • SHA1

      24723d9bca7c6570bddb7852285263fab0b8ac8b

    • SHA256

      ade760f217750dbf205ad873d7c5c3f0b814d3e3812937bacc695f3ebd80fa15

    • SHA512

      b7baf75ce2e4de005bcf620f4a7860dcce9de34764995487f4aaeaeeb37b25a2dc2c4b2cd99d7c6e6f16d0b43909d5eddf18246ffcd08996a78d08f8bab831b5

    • SSDEEP

      24576:dyA2KoAK3aRTlinRaPHUsnvFe5YTbkZVqm1L8RcZ8s2xTS8LKwHX0:41fwZ8MTnwXLgcKpxTS8Wy

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks