General

  • Target

    d5a1b483ef0a821c44716aa8c89659ea2fbb433042c28ad3b14e82e8da2ea579

  • Size

    876KB

  • Sample

    231003-egwt3saa22

  • MD5

    d036e7eddb4c37dc7e993ee6204c2f86

  • SHA1

    9c5dee9fe2f8a33162ea788d56759f3006719cf0

  • SHA256

    d5a1b483ef0a821c44716aa8c89659ea2fbb433042c28ad3b14e82e8da2ea579

  • SHA512

    39590e49f7b74ba7a8063cb9410d5892ddf265e9aea3b19e68344469d59700a12a74b26b604921cf570bba0da77c1cf79e96b61912531d1fe3a181d5c62c758e

  • SSDEEP

    24576:5ycbETqepfXBly4xrIzaEU2BSesaP7fHXLo2dYOkMf:scQmeJ3y4EaEUlesWH8

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks