General

  • Target

    db0562700c994c7ef47aa9a3c85c4fabd1ebe4262970d08b88076713e48325b1

  • Size

    1.4MB

  • Sample

    231003-p67b8acf64

  • MD5

    b5b823550aac039fd2ec8e43fea4b34c

  • SHA1

    aeea25bcfc1d0b15cd2d5a537c29ff0b328a42a7

  • SHA256

    db0562700c994c7ef47aa9a3c85c4fabd1ebe4262970d08b88076713e48325b1

  • SHA512

    415ffd28b5720c8df959eed648df6f85fe72df11b3900a9fae7b285c96d801bbf86223d31b92f95ff0261b5692835f2f70ff90794fcbb2ad759be99196346f3b

  • SSDEEP

    24576:pyYwNB9GQ3oSPg47DS8seArQ1Xj95dXqL4J8t+pAA4t5RI9b6d0e1:cYwNBkMxPUHeAm5dXqLy8thVQb6d

Malware Config

Targets

    • Target

      db0562700c994c7ef47aa9a3c85c4fabd1ebe4262970d08b88076713e48325b1

    • Size

      1.4MB

    • MD5

      b5b823550aac039fd2ec8e43fea4b34c

    • SHA1

      aeea25bcfc1d0b15cd2d5a537c29ff0b328a42a7

    • SHA256

      db0562700c994c7ef47aa9a3c85c4fabd1ebe4262970d08b88076713e48325b1

    • SHA512

      415ffd28b5720c8df959eed648df6f85fe72df11b3900a9fae7b285c96d801bbf86223d31b92f95ff0261b5692835f2f70ff90794fcbb2ad759be99196346f3b

    • SSDEEP

      24576:pyYwNB9GQ3oSPg47DS8seArQ1Xj95dXqL4J8t+pAA4t5RI9b6d0e1:cYwNBkMxPUHeAm5dXqLy8thVQb6d

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks