General

  • Target

    368316a4f84b6d30fc36c95c2dd035fd2b9809422112ce90adbd796cad8c5c43

  • Size

    877KB

  • Sample

    231003-m2rd4aaa7v

  • MD5

    a8430a1005362be55d1b88a2ff39c2ce

  • SHA1

    a02e9f638f0df9e3e78bd2843e32ee427d74ccd0

  • SHA256

    368316a4f84b6d30fc36c95c2dd035fd2b9809422112ce90adbd796cad8c5c43

  • SHA512

    ffdd36b432c0c39f152c51d6a2c28fe57b55d6faa31472362b3bafa2a5b63512aeda998cd1733841073a6192f3053d7e01fd85f132320457f73916b5f37bea96

  • SSDEEP

    24576:YyKqYFuar6gImhp4y1E35LxZygA9ItTVIz:far6tmhpLk5LxwgA9CW

Targets

    • Detects Healer, an antivirus-disabler dropper

    • Healer

      Healer is an antivirus-disabler dropper: it weakens Windows Defender before launching the executable it carries, which is why the Defender-modification, security-modification and dropped-EXE signatures below fire together for this sample.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
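
    The following host-triage script is an added example; it is not part of the sandbox report and not code from the Healer sample. It checks a Windows host for the artifacts the signatures above describe: the Defender Real-Time Protection policy values (value names are an assumption based on the commonly abused ones, not read from this sample), Run-key entries that point into user-writable directories, and the SHA256 of an operator-supplied file against the report's SHA256. The SetThreadContext signature has no registry footprint and needs process-level telemetry (for example Sysmon or an EDR), so the script does not attempt to detect it.

```powershell
# Added triage script, not part of the sandbox report or the Healer sample.
# Assumptions (not taken from the report): the Defender policy value names
# below are the commonly abused ones; the sample path is supplied by the operator.
param(
    [string]$SamplePath = $null
)

# SHA256 from the report's General section.
$ReportSha256 = '368316a4f84b6d30fc36c95c2dd035fd2b9809422112ce90adbd796cad8c5c43'

# "Modifies Windows Defender Real-time Protection settings": policy values that,
# when set to a non-zero DWORD, switch off parts of real-time protection.
$DefenderPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
$DefenderTamperValues = @(
    'DisableRealtimeMonitoring',
    'DisableBehaviorMonitoring',
    'DisableOnAccessProtection',
    'DisableScanOnRealtimeEnable',
    'DisableIOAVProtection'
)

# "Adds Run key to start application": per-user and machine-wide Run keys.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Confirm-SampleHash {
    # Compares a file on disk with the SHA256 the report lists.
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return $null }
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    [pscustomobject]@{ Path = $Path; Sha256 = $hash; MatchesReport = ($hash -eq $ReportSha256) }
}

function Get-DefenderPolicyTampering {
    # Emits one object per Defender policy value that is present and non-zero.
    if (-not (Test-Path -LiteralPath $DefenderPolicyKey)) { return @() }
    $props = Get-ItemProperty -LiteralPath $DefenderPolicyKey
    foreach ($name in $DefenderTamperValues) {
        $value = $props.$name
        if ($null -ne $value -and [int]$value -ne 0) {
            [pscustomobject]@{ Key = $DefenderPolicyKey; Name = $name; Value = $value }
        }
    }
}

function Get-LiveDefenderState {
    # Cross-checks the effective state; policy values override what the UI shows.
    try {
        Get-MpPreference | Select-Object DisableRealtimeMonitoring, DisableBehaviorMonitoring,
            DisableIOAVProtection, DisableScriptScanning
    } catch {
        Write-Warning "Get-MpPreference unavailable: $_"
        $null
    }
}

function Get-SuspiciousRunEntries {
    # Flags Run-key entries whose command references a user-writable location,
    # where a dropper typically stages the executable it persists.
    $userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC, $env:USERPROFILE) |
        Where-Object { $_ }
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            $expanded = [Environment]::ExpandEnvironmentVariables($cmd)
            $suspicious = $false
            foreach ($dir in $userWritable) {
                if ($expanded.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) { $suspicious = $true }
            }
            if ($suspicious) {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd }
            }
        }
    }
}

Write-Host '== Sample hash vs report =='
Confirm-SampleHash -Path $SamplePath | Format-List
Write-Host '== Defender Real-Time Protection policy values set =='
Get-DefenderPolicyTampering | Format-Table -AutoSize
Write-Host '== Effective Defender state (Get-MpPreference) =='
Get-LiveDefenderState | Format-List
Write-Host '== Run entries pointing into user-writable paths =='
Get-SuspiciousRunEntries | Format-Table -AutoSize
```

    Run it from an elevated PowerShell on the suspect host (`.\Triage-Healer.ps1 -SamplePath C:\path\to\sample.exe`; the script name is an assumption). A non-zero Defender policy value that nobody deployed by GPO, or a Run entry launching a binary out of AppData or Temp, is the host-side counterpart of the signatures listed above; the hash comparison confirms you are looking at the same file the report describes before acting on its findings.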
