General

  • Target

    7d3967cf6f8f9f8012e668d341ebba1f2d820ecc6c1c81daca2e80ef6721bf02

  • Size

    1.4MB

  • Sample

    231003-ptvsnace86

  • MD5

    18bc3ba45ec11889768792c968fc45e3

  • SHA1

    00b2d1c2095808ce268d63e28786d1bdfb9302de

  • SHA256

    7d3967cf6f8f9f8012e668d341ebba1f2d820ecc6c1c81daca2e80ef6721bf02

  • SHA512

    2f2e3c5b66c4955c1b98dc8abef3b8607ce3b523a034f060a69ba398396dbde92f337ccb1fd67d2194f2b916f76a3b8e4741d6c227ac31d61ff96d4912bd4011

  • SSDEEP

    24576:TyUSQVGAla68kvUaXGcMnnmhQyAI0qgmOAU8fA0bFMibNjv57O:mUVl7iTcMnnmh7lzgmub0bBNLp

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks