General

  • Target

    3d65f306464b18f0edab99eb31fef7f217959a68b6bcdf3a5c95e6a349a4f45f

  • Size

    1.4MB

  • Sample

    231003-pzb8haag4w

  • MD5

    c5c123aa5f206bd2f21a2c82da6ee395

  • SHA1

    d1963264120d7531c81efc0663d9617959b1476a

  • SHA256

    3d65f306464b18f0edab99eb31fef7f217959a68b6bcdf3a5c95e6a349a4f45f

  • SHA512

    87088c687deabe3c2869d53bd45215808937751346b02478d7ae66ee9f2458ca5a72023c9ce6180f347cabed2d8b2f329f64695a8ec295c35e616f3af5e08b7d

  • SSDEEP

    24576:YytCGqDUhYUr2D/wDQkQAQla3AUgKc2G+xiS/gUVthXppTtxu2/vK8pxPwTr:ftCXDUPY/CQkQAQAAUgKnG+UwgUVtVXe

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks