General

  • Target

    48eb3ec3e2861155e7452daa59c6b022f15c3927bcd482fe15b0827460e58c6c

  • Size

    1.4MB

  • Sample

    231003-p7wl4sag61

  • MD5

    8e4953b029a067606b849f9ee0c4b84a

  • SHA1

    d436270f3c48dbaff65b1b457151b54ea16e2139

  • SHA256

    48eb3ec3e2861155e7452daa59c6b022f15c3927bcd482fe15b0827460e58c6c

  • SHA512

    dcfbcca7294d956f95dc005d865c01c41759661499381d3f941b62f6af3e4cd612879dee7d7255f69169baceda052b1f1b8a8eaf99cb3ff89d46ed00c519fb94

  • SSDEEP

    24576:KyWIlnP1wm8LGHLxaZqoelH8det2gh4t4oeprHSY6MN6EexrIyLiizypi/XmGVv:RWaIoE8Xlcd82git4oWjBNN7IIoypifJ

Malware Config

Targets

    • Target

      48eb3ec3e2861155e7452daa59c6b022f15c3927bcd482fe15b0827460e58c6c

    • Size

      1.4MB

    • MD5

      8e4953b029a067606b849f9ee0c4b84a

    • SHA1

      d436270f3c48dbaff65b1b457151b54ea16e2139

    • SHA256

      48eb3ec3e2861155e7452daa59c6b022f15c3927bcd482fe15b0827460e58c6c

    • SHA512

      dcfbcca7294d956f95dc005d865c01c41759661499381d3f941b62f6af3e4cd612879dee7d7255f69169baceda052b1f1b8a8eaf99cb3ff89d46ed00c519fb94

    • SSDEEP

      24576:KyWIlnP1wm8LGHLxaZqoelH8det2gh4t4oeprHSY6MN6EexrIyLiizypi/XmGVv:RWaIoE8Xlcd82git4oWjBNN7IIoypifJ

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks