General

  • Target

    8fb47b845f37620b508c9a11b7319b903636bbb755c97acc0a55014ad66c32bf

  • Size

    877KB

  • Sample

    231003-l641bahg4t

  • MD5

    3fa49eb2eb1f499523f102c250336a87

  • SHA1

    4baf838040e76c46b334c93acaab02efcd93c9b1

  • SHA256

    8fb47b845f37620b508c9a11b7319b903636bbb755c97acc0a55014ad66c32bf

  • SHA512

    25c2a3eeac555837b0b8ab47893f3bffd46c2b01e8f90981cf8c68f6c36275be6d2c458012d330393185a9a549b633e5807469298cb7698e2943ee760993c8ac

  • SSDEEP

    12288:7Mrwy90U/RkR/aH3UGe6Gf8+siyL1iI25OQ3KlCi8SI7yjnbomgpcc63VP8jpbN/:HyhRkRG30AriyS5OQ3KCVsjnlg7osh/

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks