General

  • Target

    51d09f6a439e061c80d5f3f04129f77189683c24fbaa13dd556659db007c8bd9

  • Size

    876KB

  • Sample

    231003-d8ty5agb2x

  • MD5

    27d012565a7414044cda7bf9e9dc0b41

  • SHA1

    76d6be1182b641f7c5bec6ae0d61e6b8be6e66e2

  • SHA256

    51d09f6a439e061c80d5f3f04129f77189683c24fbaa13dd556659db007c8bd9

  • SHA512

    02024f885f7b9c9a909e72f5120c3052213068901127c499f97ecd60c76042045058b58176a6458b7a2b327196e19691b039b933b299e30fe64e9f97face4515

  • SSDEEP

    12288:fMrQy90TRKP5mAeE8P0+D+hfuQl8pQdpnQC7pInt+UV8Dz5zsTsx4XIczpHCjg:PyoRKP5538c+ULsQdy0Jz5gNYccE

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks