General

  • Target

    c80249aec86a353b41beb715dbc0c33e52d5f14f3f1194f76ac5bdd227709232

  • Size

    876KB

  • Sample

    231003-lts3aabe94

  • MD5

    745b25406dfd501dd0a2b53e304b8fae

  • SHA1

    aa7a56968aca370079c572cbfd90a2c90b757ac7

  • SHA256

    c80249aec86a353b41beb715dbc0c33e52d5f14f3f1194f76ac5bdd227709232

  • SHA512

    b90b6b625975944206f9ea06561d2af026712245852a803d449082d9ac8c8c153cab098ef7174ea000dcb09d02808f1cc6c072fabffaa9416f24e815e8ef3ac4

  • SSDEEP

    24576:syBIQEiRHBgR9QpvkSCe/XscHitzyA0zJbT:bcijgRCvwe0cCtwlb

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks