General

  • Target

    6867eec47fa62a20ec13d8c9f68aa6a8d0a46163dee00af63e1887642ba8b949

  • Size

    875KB

  • Sample

    231003-d1bsksga8w

  • MD5

    21a3d2eb4b9588292127b887ad362a1d

  • SHA1

    62e6ecaa6dfd63b4fcab2e02ddd130f7248645a8

  • SHA256

    6867eec47fa62a20ec13d8c9f68aa6a8d0a46163dee00af63e1887642ba8b949

  • SHA512

    e1a4a603fda423c5afe65218e7aa37ce5eef6d6f88a4b7f63c8d6d4b8f45ed4a1aca785dbac457048c358485e898afe3da9c4ab6e61c22ac3a418b5352085a8c

  • SSDEEP

    24576:hyTGi2vkfc2a4FFEVUDx/sncLFi1A1j/0Gf2kb:UThjzFEVUDx/sncLFYACGl

Malware Config

Targets

    • Target

      6867eec47fa62a20ec13d8c9f68aa6a8d0a46163dee00af63e1887642ba8b949

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
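
The signatures above describe three host-observable behaviours: Defender real-time protection tampering, a dropped executable, and Run-key persistence. The following triage script is an added example, not part of the sandbox report and not the sample's code; it checks a suspect Windows host for those behaviours and for the reported SHA256. It assumes an elevated PowerShell session and that the Defender registry values it inspects (the documented policy values under the Real-Time Protection key) are what the "Modifies Windows Defender Real-time Protection settings" signature refers to; the Run-key locations and the path heuristics are the author's own choices.

```powershell
# Added triage check (not from the report): looks for the behaviours the
# sandbox signatures list and for the reported sample hash on a live host.
# Assumes: elevated PowerShell; Defender policy value names as documented by
# Microsoft; sample SHA256 taken from the General section of the report.

$SampleSha256 = '6867eec47fa62a20ec13d8c9f68aa6a8d0a46163dee00af63e1887642ba8b949'

# 1. Defender real-time protection policy values. A DWORD of 1 disables the
#    named feature through policy; these are the values an "antivirus
#    disabler" write to, so any of them set is worth a warning.
$rtpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
$rtpValues = 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
             'DisableOnAccessProtection', 'DisableScanOnRealtimeEnable', 'DisableIOAVProtection'
if (Test-Path $rtpKey) {
    $props = Get-ItemProperty -Path $rtpKey
    foreach ($v in $rtpValues) {
        if ($props.PSObject.Properties[$v] -and $props.$v -eq 1) {
            Write-Warning "Defender policy tamper: $rtpKey\$v = 1"
        }
    }
}
# Top-level policy kill switch and the live state Defender itself reports.
$defKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
if ((Get-ItemProperty -Path $defKey -ErrorAction SilentlyContinue).DisableAntiSpyware -eq 1) {
    Write-Warning "Defender policy tamper: $defKey\DisableAntiSpyware = 1"
}
$mp = Get-MpPreference -ErrorAction SilentlyContinue
if ($mp -and $mp.DisableRealtimeMonitoring) {
    Write-Warning 'Get-MpPreference reports real-time monitoring disabled'
}

# 2. Run keys (user and machine). Each value is a command line; recover the
#    executable path, hash it and compare with the reported sample.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $entries = Get-ItemProperty -Path $key
    foreach ($p in $entries.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # PSPath/PSParentPath/... metadata, not Run entries
        $cmd = [string]$p.Value
        # Executable is the quoted first token, or everything up to the first space.
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $line = "$key\$($p.Name) -> $cmd"
        if (Test-Path -LiteralPath $exe -PathType Leaf) {
            $h = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash.ToLower()
            if ($h -eq $SampleSha256) {
                Write-Warning "IOC MATCH (reported sample): $line"
            } elseif ($exe -like "$env:APPDATA*" -or $exe -like "$env:LOCALAPPDATA*" -or $exe -like "$env:TEMP*") {
                # Heuristic only: a Run entry pointing into a user-writable
                # directory is the usual shape of a dropped-EXE persistence.
                Write-Warning "Run entry from user-writable path, review: $line (sha256 $h)"
            }
        } else {
            Write-Output "Run entry whose target is not on disk: $line"
        }
    }
}
```

Run it as Administrator; HKLM policy keys and Get-MpPreference need that. A clean host produces no warnings. The hash comparison only catches an unmodified copy of this exact sample, so treat the Defender and Run-key findings as the primary signal. The "Suspicious use of SetThreadContext" signature is an in-memory behaviour (commonly process hollowing or thread hijacking) that a registry and file check cannot see; confirm it from process memory or the sandbox trace, not from this script.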

MITRE ATT&CK Enterprise v15

Tasks