General

  • Target

    5b6a40f4dc63118dd2e9a9a1d681a651c74affea210e0825be0284bf66257dde

  • Size

    877KB

  • Sample

    231003-mtbnnsaa2z

  • MD5

    e1fd0136de0b795489f206fd835f9b0c

  • SHA1

    4babbf14ffe7352b62f0b6422ff34eea5ab596e1

  • SHA256

    5b6a40f4dc63118dd2e9a9a1d681a651c74affea210e0825be0284bf66257dde

  • SHA512

    ab09cdb1b1a6cd757184ca21d131a74033b5d483ced48a02678b159cc90de14fd3d85d8f3093c50358db02e0cc56c4fd50e9c6ac57e21cb08b407e2acf7c1356

  • SSDEEP

    24576:QyHqDWYzq0LOqTSWvgis7/aE8IGshLG/G4VC:XKDWYzq0LvTSWvgj/aE8IRhCe4

Targets

    • Target

      5b6a40f4dc63118dd2e9a9a1d681a651c74affea210e0825be0284bf66257dde

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
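
Triage helper added for this page; it is not code from the sandbox report or from the Healer sample. It parses a small registry export in `reg export` (.reg) format and flags two of the behaviours listed above: Windows Defender real-time protection switched off through its policy or configuration values, and a Run key entry pointing at an executable in a user-writable drop directory. The Defender key paths and value names and the Run key locations are the standard Windows ones; the export contents, the user name `bob` and the file paths in it are constructed for the example.

```python
"""Flag Defender real-time protection tampering and Run-key persistence
in a .reg export. Added example, not part of the report or the sample;
the registry snippet, user name and paths below are constructed."""

import re

# Hive names as written by reg export, mapped to the short forms used here.
_HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
_KEY_LINE = re.compile(r"^\[(.+)\]$")
_VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.+)$')

# Keys under which Defender real-time protection is disabled, and the value
# names that do it (each is 1 when the corresponding protection is off).
DEFENDER_RTP_KEYS = {
    r"hklm\software\policies\microsoft\windows defender\real-time protection",
    r"hklm\software\microsoft\windows defender\real-time protection",
}
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
RUN_KEY_RE = re.compile(
    r"^HK(LM|CU)\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(Once)?$",
    re.IGNORECASE,
)
# User-writable locations where a dropped EXE usually lands; a Run entry
# pointing here is rated high, any other Run entry is reported as info.
DROP_DIR_RE = re.compile(r"\\(Temp|ProgramData|Users\\Public|AppData\\Roaming)\\", re.IGNORECASE)


def _decode(data):
    """Decode a .reg value: dword -> int, quoted string -> unescaped str."""
    if data.startswith("dword:"):
        return int(data[len("dword:"):], 16)
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return re.sub(r"\\(.)", r"\1", data[1:-1])  # \\ -> \ and \" -> "
    return data  # hex(...) and other types are left as written


def parse_reg_export(text):
    """Return (key, value name, data) tuples with hives shortened to HKLM/HKCU."""
    records, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_LINE.match(line)
        if m:
            hive, _, rest = m.group(1).partition("\\")
            key = _HIVES.get(hive.upper(), hive) + "\\" + rest
            continue
        m = _VALUE_LINE.match(line)
        if m and key is not None:
            records.append((key, m.group(1), _decode(m.group(2))))
    return records


def triage(records):
    """Return findings for Defender RTP tampering and Run-key persistence."""
    findings = []
    for key, name, data in records:
        if key.lower() in DEFENDER_RTP_KEYS and name in DEFENDER_RTP_VALUES and data == 1:
            findings.append({"kind": "defender_rtp_disabled", "severity": "high",
                             "detail": f"{name}=1 under {key}"})
        elif RUN_KEY_RE.match(key):
            severity = "high" if DROP_DIR_RE.search(str(data)) else "info"
            findings.append({"kind": "run_key_persistence", "severity": severity,
                             "detail": f"{name} -> {data}"})
    return findings


# Constructed .reg export: Defender policy values as a dropper would set
# them, plus Run keys with legitimate entries and one pointing into %TEMP%.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\bob\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"svchost"="C:\\Users\\bob\\AppData\\Local\\Temp\\1000001001\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
'''

if __name__ == "__main__":
    for f in triage(parse_reg_export(SAMPLE_REG_EXPORT)):
        print(f"[{f['severity']:<4}] {f['kind']}: {f['detail']}")
```

On a live host the same records come from `reg export "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" out.reg` and the two Run keys; the Defender policy values are the ones a dropper writes, while a disabled real-time engine can also be confirmed with `Get-MpPreference | Select DisableRealtimeMonitoring`. The drop-directory list is deliberately narrow so that legitimate per-user software under AppData\Local is reported but not rated high; widen it to taste.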
