General

  • Target

    d0593bed5b7966e249690d688d21bd066677d8a4be4d0b4980786a4055f50f18

  • Size

    522KB

  • Sample

    241110-dhjqgaxnfy

  • MD5

    3e0af1268e63bae8c26d2b40a1a5c428

  • SHA1

    35ed74437c8bcfd6b019157c486b8ad58e442ef9

  • SHA256

    d0593bed5b7966e249690d688d21bd066677d8a4be4d0b4980786a4055f50f18

  • SHA512

    3e4088ace430ed47319ba7b065d1d1c34a17c7ab9d73b89665e8892dc5476f63037dbbd37f793fd4cdef077400c801c15d392682b54ef0c08093f0bc64f759cf

  • SSDEEP

    6144:ELMOH2JjI9ZdopfIeMCyHeID+IXZRCJ62LaCGYBW8U1pMQ:ELIJjI9IKVDHeqnXqHGYBW8IM

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

MITRE ATT&CK Enterprise v15

Tasks