General
-
Target
0b4e256ded679ffb3ff9da8580a33e438bc3ba38e9cf22158b7a799829c3cc71
-
Size
877KB
-
Sample
231003-me98pahg9w
-
MD5
48a8f720d9e9a428f48cdc52c37b2f0d
-
SHA1
881d28a96eb3cad31bd07c51c918c727bcbbb68f
-
SHA256
0b4e256ded679ffb3ff9da8580a33e438bc3ba38e9cf22158b7a799829c3cc71
-
SHA512
f50d7c20bc52126f444a51522b214dddc05f1decc38d0311cf8c8aa1d5bab1e240adce6f477c4ac45feec06db5c35d67de33bf052f71d6e43cad1f3e62f49caf
-
SSDEEP
12288:eMrFy90qx+oKvCTpefA9rs2PVmBt+8NcoRGepo9KLHoAmkvMH8kOIDDBBjWV:ry/8Qs49w2PmtkoRGe+9TAn/k5DD/WV
Static task
static1
Behavioral task
behavioral1
Sample
0b4e256ded679ffb3ff9da8580a33e438bc3ba38e9cf22158b7a799829c3cc71.exe
Resource
win10-20230915-en
Malware Config
Targets
-
-
Target
0b4e256ded679ffb3ff9da8580a33e438bc3ba38e9cf22158b7a799829c3cc71
-
Size
877KB
-
MD5
48a8f720d9e9a428f48cdc52c37b2f0d
-
SHA1
881d28a96eb3cad31bd07c51c918c727bcbbb68f
-
SHA256
0b4e256ded679ffb3ff9da8580a33e438bc3ba38e9cf22158b7a799829c3cc71
-
SHA512
f50d7c20bc52126f444a51522b214dddc05f1decc38d0311cf8c8aa1d5bab1e240adce6f477c4ac45feec06db5c35d67de33bf052f71d6e43cad1f3e62f49caf
-
SSDEEP
12288:eMrFy90qx+oKvCTpefA9rs2PVmBt+8NcoRGepo9KLHoAmkvMH8kOIDDBBjWV:ry/8Qs49w2PmtkoRGe+9TAn/k5DD/WV
Score10/10-
Detects Healer an antivirus disabler dropper
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1