General

  • Target: 3e21ebfaa63da76b46dd13f870963d10ffa89e931216ec7d69f569c237a8cdd8

  • Size: 1.4MB

  • Sample: 231003-pkdg1saf3x

  • MD5: c5f4e59bc175923e396e9a0008ed22bc

  • SHA1: f8cbab14a2a327d9d8cc2100452a38c60d9f17ad

  • SHA256: 3e21ebfaa63da76b46dd13f870963d10ffa89e931216ec7d69f569c237a8cdd8

  • SHA512: d0311232ce2be75558a339efda5c8663960d502851d87a9491b9e6d27f87dceb7f0b0fdae649acd3cdcf057d1e16432c5d3c94fd13ae68f8043c9a0eb5aac15b

  • SSDEEP: 24576:qy7NeDE6P4wO4uGa7U7V1cev3sOJGm0NEAi83BOT1qUpsuOaBgjsmDfc0:xdOOHG8U7TcIlGmuG8RORsuBW9

Malware Config

Targets

    • Target: 3e21ebfaa63da76b46dd13f870963d10ffa89e931216ec7d69f569c237a8cdd8

    • Size: 1.4MB

    • MD5: c5f4e59bc175923e396e9a0008ed22bc

    • SHA1: f8cbab14a2a327d9d8cc2100452a38c60d9f17ad

    • SHA256: 3e21ebfaa63da76b46dd13f870963d10ffa89e931216ec7d69f569c237a8cdd8

    • SHA512: d0311232ce2be75558a339efda5c8663960d502851d87a9491b9e6d27f87dceb7f0b0fdae649acd3cdcf057d1e16432c5d3c94fd13ae68f8043c9a0eb5aac15b

    • SSDEEP: 24576:qy7NeDE6P4wO4uGa7U7V1cev3sOJGm0NEAi83BOT1qUpsuOaBgjsmDfc0:xdOOHG8U7TcIlGmuG8RORsuBW9

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks