General

  • Target: 7b10517376b87e9d87777e2489957ad18ce895b5218fe2e67b44b797069dc6ecN.exe

  • Size: 301KB

  • Sample: 241112-1fkajs1kax

  • MD5: f69064792318d47140de55d172f8f89b

  • SHA1: 822e5b6e60c215b7bddaf55d4036ac9a59a68b81

  • SHA256: 5c28fc710e220b947eb9c7104216ebd818589b0fc1a01a1edd53f45fefacc66a

  • SHA512: 8b47a9f58bbba7d9000cc87d76f8b659bd17287860343fa3e3b1424aea8454a2a4b7fed3ac0d6c6c37bde8b55cd94c41776119d817747722fcb878f45922b512

  • SSDEEP: 6144:sDKW1Lgbdl0TBBvjc/Ovb+8Lyh6Ct/4xg+NoMAFzu0HE9lA2C:6h1Lk70TnvjcYbnstT+3AF6HC

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification
