General

  • Target

    cd169454ce2b1a9455551326011c76deff2603c140ec260ad08df9ad88c0256d

  • Size

    877KB

  • Sample

    231003-elyt8saa34

  • MD5

    35478a96437c153f21db32aeb951e3ed

  • SHA1

    410214b7362e2c5dc2be29dea3c6a7a8ad2f4eee

  • SHA256

    cd169454ce2b1a9455551326011c76deff2603c140ec260ad08df9ad88c0256d

  • SHA512

    42c7ee6268d7db086a67f2df0c947f8d250f89dee19a531e831dcbff99537ccbc1dd5826b54939697dc7fc96a036381596004212c4391f4806b371a22b83816a

  • SSDEEP

    12288:ZMrty90IWDvyEjc0Q5VCEKj5b4GhnoizhES+Q+Algb5LxqmZqgkOVPV67n/HOKjX:EyIWEjbgoEKj5NhogcAALPtg/OKjd+O

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks