General

  • Target

    0b4e256ded679ffb3ff9da8580a33e438bc3ba38e9cf22158b7a799829c3cc71

  • Size

    877KB

  • Sample

    231003-me98pahg9w

  • MD5

    48a8f720d9e9a428f48cdc52c37b2f0d

  • SHA1

    881d28a96eb3cad31bd07c51c918c727bcbbb68f

  • SHA256

    0b4e256ded679ffb3ff9da8580a33e438bc3ba38e9cf22158b7a799829c3cc71

  • SHA512

    f50d7c20bc52126f444a51522b214dddc05f1decc38d0311cf8c8aa1d5bab1e240adce6f477c4ac45feec06db5c35d67de33bf052f71d6e43cad1f3e62f49caf

  • SSDEEP

    12288:eMrFy90qx+oKvCTpefA9rs2PVmBt+8NcoRGepo9KLHoAmkvMH8kOIDDBBjWV:ry/8Qs49w2PmtkoRGe+9TAn/k5DD/WV

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks