General

  • Target

    ed66b7b79560520482c891cccbf8414e4d6438e211542c3111d92a1ae68af4cf

  • Size

    1.0MB

  • Sample

    231003-l1kpgsbf37

  • MD5

    c463dbafd8cefa67b54805f77f720c37

  • SHA1

    d7d30a18d081340532ce49d2fb693fba575b0706

  • SHA256

    ed66b7b79560520482c891cccbf8414e4d6438e211542c3111d92a1ae68af4cf

  • SHA512

    6846c42b6aadfa2d1ebc8ad783e30375a15f60670335eca3f7931367dcdd52fdf8670b75c1300e24b5c13d21885e1f9648f57a6c1a34e3e699a02829b6d54c9b

  • SSDEEP

    24576:+y5r2BjaME1jAtozQirqrt48oGEMksSawqLS:NwW1sJir4t48oGDEawqL

Malware Config

Targets

    • Target

      ed66b7b79560520482c891cccbf8414e4d6438e211542c3111d92a1ae68af4cf

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks