General

  • Target

    713a19e067ce91ddf45952c049a8d835565692cf18461e248ed6c2c5ad6f1aa3N.exe

  • Size

    679KB

  • Sample

    241111-qahjnazdpe

  • MD5

    9bd02adc9994019bf85b9b1cb38b7453

  • SHA1

    2f0e8b8d73537558dd55f159402ee084705b1905

  • SHA256

    bbaf0740f94f2373adab301820629fd3f928310947fbf9fb8a14def1d47a566d

  • SHA512

    674f6ef4216e39f59dacfdb0a962b6050c7216841732adbdb4df089438d6679abc78e81844ce87ca758fdd55c9d1819751a908db2492eb3ae6e96c52aafa011c

  • SSDEEP

    12288:ly90smrpSmIwi/42zKWtTK3AFDvDYWY8eHjhdU3p5U4/WwpXM5j0:ly2rzidtP1EsW0vA0

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks