General

  • Target

    2c8725f2e4f6492329733bdff59d73315a150f47b50d444e0beea7b41169dfbe

  • Size

    1.0MB

  • Sample

    231003-edjqcagb3y

  • MD5

    12a048702339f7c2c9ef8eaa39c0496e

  • SHA1

    ba67438ed20b44ed714b1ef8a9765f80df7e44f2

  • SHA256

    2c8725f2e4f6492329733bdff59d73315a150f47b50d444e0beea7b41169dfbe

  • SHA512

    d410197130d79c66a036846c376bac37cae78dbd860ba6be95d2fc380695f0f065a7428306130a0cc39eda90062c52b7666260db6dc5cc40bcf740cbddb71bf9

  • SSDEEP

    24576:HyU9QAeUJKUjNQw6/4SMDUIz5yLjwHJAyb:SjAtJKW9Y4SMwaJA

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks