General

  • Target

    017be553518b628dec14e60524b631fc62e1087b7d58f44b7b86914d27053f87

  • Size

    717KB

  • Sample

    241109-xs8xwszjcx

  • MD5

    19487714b2f6896c10ad4e608f6aa6e0

  • SHA1

    5e659012c3149adfeaf07c6c212adb0f41114c9b

  • SHA256

    017be553518b628dec14e60524b631fc62e1087b7d58f44b7b86914d27053f87

  • SHA512

    4cc56836e7201adc03b3254c1ab74534f37e5dc7d57ddded65ff1967df6f273aeed6c1e79bbc507972c8a1d43302cab0451d2470578c36d185bdc5330070a4c5

  • SSDEEP

    12288:sy90xmrpSmIwi/42zKWtTK3AFD987N9P3YwR7PTlqRpn4nvkHwlE+E2bgtlI:syTrzidtPP8JJ3Ywlrlqr4Kw++PbgQ

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks