General

  • Target

    130e47b82560dca1740dd7aa4949540b9d7cd1f1cc6b4f3bfba9d109f75425ff

  • Size

    877KB

  • Sample

    231003-mbst8sbf73

  • MD5

    f6f9288bd8453907fac8d027d4416fe7

  • SHA1

    f4e27190564cebbba03505e71ecfb96b12f925d8

  • SHA256

    130e47b82560dca1740dd7aa4949540b9d7cd1f1cc6b4f3bfba9d109f75425ff

  • SHA512

    9d4492a04c7170852706b43b81cc88c1e0f3d38e91899cb12870bbf543edcb86d1a31896e47cc5ef055b144df1c957438b951dd22eb83515029b93937ea891b9

  • SSDEEP

    12288:LMr0y90q0BId7pmR36IyeeudyqvPfaaZlCI4GL2/M8onN7Goyd6e2k2IgEVYubZI:3y9Y31cgLlCBGL2/5EG1se2YYubZI

Malware Config

Targets

    • Target

      130e47b82560dca1740dd7aa4949540b9d7cd1f1cc6b4f3bfba9d109f75425ff

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper. The family tag summarises the behaviours listed below: tampering with Windows Defender real-time protection, executing a dropped EXE, and adding a Run key for persistence.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
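
The signatures above (Defender real-time protection tampering, a dropped EXE, a Run-key autostart) are the things a responder would check for on a host suspected of running this sample. The script below is an added host-triage check written for this page; it is not part of the sandbox report and not code from the sample. It assumes a Windows host with the Defender PowerShell module available, uses the documented Defender Group Policy registry path and the standard Run keys, and takes the SHA256 of the sample from the report. The staging directories, the path heuristic for "suspicious" Run-key entries, and the `$findings` output shape are assumptions made for illustration.

```powershell
# Added host-triage check, not part of the sandbox report or the sample.
# Assumes a Windows host with Defender present; SHA256 is the sample hash from this report.
$SampleSha256 = '130e47b82560dca1740dd7aa4949540b9d7cd1f1cc6b4f3bfba9d109f75425ff'
$findings = @()

# 1. Defender real-time protection policy values that an AV-disabler typically sets to 1.
#    This is the documented Group Policy location for Real-Time Protection settings.
$rtpPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
$rtpValues = 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
             'DisableOnAccessProtection', 'DisableScanOnRealtimeEnable', 'DisableIOAVProtection'
if (Test-Path $rtpPolicy) {
    $props = Get-ItemProperty -Path $rtpPolicy
    foreach ($v in $rtpValues) {
        if ($props.PSObject.Properties[$v] -and $props.$v -eq 1) {
            $findings += [pscustomobject]@{ Check = 'DefenderPolicy'; Item = "$rtpPolicy\$v"; Value = $props.$v }
        }
    }
}

# Effective state (not just policy) as reported by the Defender module.
$pref = Get-MpPreference -ErrorAction SilentlyContinue
if ($pref) {
    foreach ($p in 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring', 'DisableIOAVProtection') {
        if ($pref.$p) {
            $findings += [pscustomobject]@{ Check = 'MpPreference'; Item = $p; Value = $true }
        }
    }
}

# 2. Run keys: flag autostart entries whose command points into user-writable locations.
#    The path heuristic is an assumption for this example, not a signature from the report.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    $props = Get-ItemProperty -Path $k
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        $cmd = [string]$prop.Value
        if ($cmd -match '\\(AppData|Temp|ProgramData|Users\\Public)\\') {
            $findings += [pscustomobject]@{ Check = 'RunKey'; Item = "$k\$($prop.Name)"; Value = $cmd }
        }
    }
}

# 3. Hash executables in common staging directories against the report's SHA256.
#    The directory list is an assumption; extend it to wherever your telemetry shows drops.
$scanDirs = $env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData
foreach ($f in Get-ChildItem -Path $scanDirs -Recurse -File -Include *.exe -ErrorAction SilentlyContinue) {
    $h = (Get-FileHash -Path $f.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    if ($h -and $h.ToLower() -eq $SampleSha256) {
        $findings += [pscustomobject]@{ Check = 'HashMatch'; Item = $f.FullName; Value = $h }
    }
}

$findings | Format-Table -AutoSize
```

Run it from an elevated prompt so the HKLM policy key and other users' profiles are readable. A `DefenderPolicy` or `MpPreference` hit alone does not prove this sample ran (administrators and other tooling set the same values), but a hit together with a `RunKey` entry pointing at a user-writable path and a `HashMatch` on the same binary matches the behaviour chain the signatures describe. The report's `SetThreadContext` signature is not checked here; that requires process-level telemetry (for example Sysmon process access or injection events) rather than a registry and file sweep.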

MITRE ATT&CK Enterprise v15

Tasks