General

  • Target

    9956f5c340ab81adfc309b6f4bae5bb1f8d6fd96b25c60cb5c2d2991c3a2f980

  • Size

    521KB

  • Sample

    241110-a7mxmswbpk

  • MD5

    4826eb6cabdec65392f1ceb9baf87ff1

  • SHA1

    50d345f397745c74490023b5769722a84c4473f6

  • SHA256

    9956f5c340ab81adfc309b6f4bae5bb1f8d6fd96b25c60cb5c2d2991c3a2f980

  • SHA512

    2cf96222251b9598c30753e3aa96549bdd6406ae63735051154a1016514d456283a6dd8aefd305b44a94ad9d4da4cd405d23204a5ca70c56e5ed25aaa51c2c8e

  • SSDEEP

    6144:jaTyb5ISIgAa8tCMlW0G4Xs7xgjzyeoDE3I33C6vw7GtyPZyefq:jaTO5JIT1lW0dIdDDE3I33CCtw

Malware Config

Targets

    • Target

      9956f5c340ab81adfc309b6f4bae5bb1f8d6fd96b25c60cb5c2d2991c3a2f980

    • Size

      521KB

    • MD5

      4826eb6cabdec65392f1ceb9baf87ff1

    • SHA1

      50d345f397745c74490023b5769722a84c4473f6

    • SHA256

      9956f5c340ab81adfc309b6f4bae5bb1f8d6fd96b25c60cb5c2d2991c3a2f980

    • SHA512

      2cf96222251b9598c30753e3aa96549bdd6406ae63735051154a1016514d456283a6dd8aefd305b44a94ad9d4da4cd405d23204a5ca70c56e5ed25aaa51c2c8e

    • SSDEEP

      6144:jaTyb5ISIgAa8tCMlW0G4Xs7xgjzyeoDE3I33C6vw7GtyPZyefq:jaTO5JIT1lW0dIdDDE3I33CCtw

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

MITRE ATT&CK Enterprise v15

Tasks