General

  • Target

    1d3dc3cdbd0613da43910a7b08e28dac68f95821100ededfdfa75c19a322bc2b

  • Size

    554KB

  • Sample

    241109-y1z6dstqbr

  • MD5

    c2fc8f74978e0c9a4092bcc18b297b6b

  • SHA1

    226ab6b6229e9d622d99ff029d5c1ff792b8947f

  • SHA256

    1d3dc3cdbd0613da43910a7b08e28dac68f95821100ededfdfa75c19a322bc2b

  • SHA512

    ecb7ccfb30c00ce647236ef353191c66f9353c09d70f27d677e9cd7aebb853b4bea29e9f094bae08fa0992eda6ff9ad1fe5e638b7166b68f5e9510cfdd4929c3

  • SSDEEP

    12288:1y90BmrpSmIwi/42zKWtTK3AFDMeMXZGPbC4Q2Z:1yjrzidtP6e+4QU

Malware Config

Targets

    • Target

      1d3dc3cdbd0613da43910a7b08e28dac68f95821100ededfdfa75c19a322bc2b

    • Size

      554KB

    • MD5

      c2fc8f74978e0c9a4092bcc18b297b6b

    • SHA1

      226ab6b6229e9d622d99ff029d5c1ff792b8947f

    • SHA256

      1d3dc3cdbd0613da43910a7b08e28dac68f95821100ededfdfa75c19a322bc2b

    • SHA512

      ecb7ccfb30c00ce647236ef353191c66f9353c09d70f27d677e9cd7aebb853b4bea29e9f094bae08fa0992eda6ff9ad1fe5e638b7166b68f5e9510cfdd4929c3

    • SSDEEP

      12288:1y90BmrpSmIwi/42zKWtTK3AFDMeMXZGPbC4Q2Z:1yjrzidtP6e+4QU

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
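
    The signatures above name three host artefacts worth checking on a machine suspected of running this sample: Defender Real-time Protection policy values, Run-key persistence, and the registry country code consulted by the geofence check. The PowerShell below is an added host-triage example, not part of the sandbox report or of any tooling it describes. The registry paths it reads are assumptions about where this family writes, chosen from the signature names (the Real-Time Protection policy key, the HKCU/HKLM Run keys, and HKCU\Control Panel\International\Geo\Nation); the suspect file path is a placeholder. Confirm the paths against the report's own registry events before relying on them.

```powershell
# Added host-triage check (not part of the sandbox report). Registry paths are
# assumptions derived from the signature names above; verify against the
# report's registry events. Requires the Defender module for Get-MpComputerStatus.

# 1. Defender Real-time Protection policy values. A non-zero DWORD disables the
#    feature; "Modifies Windows Defender Real-time Protection settings" points here.
$rtpPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
$rtpValues = 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
             'DisableOnAccessProtection', 'DisableIOAVProtection',
             'DisableScanOnRealtimeEnable'
if (Test-Path $rtpPath) {
    $rtp = Get-ItemProperty -Path $rtpPath
    foreach ($name in $rtpValues) {
        $v = $rtp.PSObject.Properties[$name]
        if ($v -and $v.Value -ne 0) {
            Write-Output "[!] $rtpPath\$name = $($v.Value)"
        }
    }
}
# Cross-check against Defender's own view rather than trusting the policy key alone.
$status = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($status -and -not $status.RealTimeProtectionEnabled) {
    Write-Output '[!] Defender reports RealTimeProtectionEnabled = False'
}

# 2. Run keys ("Adds Run key to start application"). Every autostart entry is
#    listed; entries whose command line lives in a user-writable directory are flagged.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$psNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $psNoise) { continue }
        $flag = if ("$($p.Value)" -match '\\(AppData|Temp|Users\\Public|ProgramData)\\') { '[!]' } else { '[ ]' }
        Write-Output "$flag $key\$($p.Name) = $($p.Value)"
    }
}

# 3. Country code read by the geofence check ("Checks computer location settings").
#    Assumption: the signature reads the GeoID in HKCU\Control Panel\International\Geo\Nation
#    (244 is the United States). Reported for context; the value itself is not malicious.
$geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
if ($geo) { Write-Output "GeoID Nation = $($geo.Nation)" }

# 4. Hash a suspect file and compare with the SHA256 from the report.
$sample = 'C:\path\to\suspect.exe'   # placeholder: the file under investigation
if (Test-Path $sample) {
    $sha256 = (Get-FileHash -Path $sample -Algorithm SHA256).Hash.ToLower()
    if ($sha256 -eq '1d3dc3cdbd0613da43910a7b08e28dac68f95821100ededfdfa75c19a322bc2b') {
        Write-Output "[!] $sample matches the report's SHA256"
    } else {
        Write-Output "[ ] $sample SHA256 = $sha256 (no match)"
    }
}
```

Run it from an elevated PowerShell session so the HKLM policy key and the Defender status are readable. A Run-key entry pointing into AppData or Temp is not proof of infection on its own, but combined with a disabled real-time protection value it is exactly the pairing the signatures above describe.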

MITRE ATT&CK Enterprise v15

Tasks