General

  • Target

    04ccc94ffe962e255e62c1a95914c62569b16af49feea119bd9d7a36e0feb37c

  • Size

    437KB

  • Sample

    240430-wxw88acg6w

  • MD5

    6d68c6ee3cfb0db466a6e1cb75c82159

  • SHA1

    76582075bc63a764b26f3b08879916edc3e0cc1a

  • SHA256

    04ccc94ffe962e255e62c1a95914c62569b16af49feea119bd9d7a36e0feb37c

  • SHA512

    8964c14f2897afc19a9a0652b1a3dfeea895eefce98ab1ddd25b7087ccc594b0c51f0d9be29d05b1a2a9cf2a57438a99011eccfd66f1e6cb5cfb8ab7a660e92a

  • SSDEEP

    6144:Rsp0yN90QEyrt8fS7LT1iXm3PgsB308Cz55r/MNc1WK1HC5B2c7cZ40keje/N+M:ry90EtLJPTE55LMSWK1i17cq0hQR

Malware Config

Targets

    • Target

      04ccc94ffe962e255e62c1a95914c62569b16af49feea119bd9d7a36e0feb37c

    • Size

      437KB

    • MD5

      6d68c6ee3cfb0db466a6e1cb75c82159

    • SHA1

      76582075bc63a764b26f3b08879916edc3e0cc1a

    • SHA256

      04ccc94ffe962e255e62c1a95914c62569b16af49feea119bd9d7a36e0feb37c

    • SHA512

      8964c14f2897afc19a9a0652b1a3dfeea895eefce98ab1ddd25b7087ccc594b0c51f0d9be29d05b1a2a9cf2a57438a99011eccfd66f1e6cb5cfb8ab7a660e92a

    • SSDEEP

      6144:Rsp0yN90QEyrt8fS7LT1iXm3PgsB308Cz55r/MNc1WK1HC5B2c7cZ40keje/N+M:ry90EtLJPTE55LMSWK1i17cq0hQR

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks