General

  • Target

    e0a29c659f4e561c6aa6602c6bcf3edf528a958a61f31cb1add0cf30eda80a2f

  • Size

    877KB

  • Sample

    231003-eqm9asgb6w

  • MD5

    9853494afa8b2febb175ce977e90d07f

  • SHA1

    569a29ffa67b778e60d8aeeaa46f4ae35444b9dc

  • SHA256

    e0a29c659f4e561c6aa6602c6bcf3edf528a958a61f31cb1add0cf30eda80a2f

  • SHA512

    44ce0c5caa56616706b6331d07a89363d5732411f45a9a965f57b45090e152f7d24707c033405a6e36c0a33e9a22c7b5296f7ca9769ca6ccf3a284c28422a871

  • SSDEEP

    12288:vMrdy90gi8xWPALZRkqEIh0lQVRTCs5oZd3g3A+b3RhsiuZjhkS1m71WC7TZ:+y7WYL3FEiAQvV5OqAyUjqQm7QC7F

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks