General

  • Target

    b6bdaa9ba610cf8b232e7b07e084ac3992fc4c85bce279c8d8d12f722bffb172N.exe

  • Size

    479KB

  • Sample

    241113-v8625awjav

  • MD5

    c5221aea775ae5a8b3057cd548034a00

  • SHA1

    80f312104b167fe9420a2263fd1f46cae4c68b50

  • SHA256

    b6bdaa9ba610cf8b232e7b07e084ac3992fc4c85bce279c8d8d12f722bffb172

  • SHA512

    c7b14c12659400e6b6797f03de457073871f6f6ca1bafde2c38320a2875449ec3771e7ef70983e658ef2f93586b11b87509196289223a42c1f44dafae0a0f3a8

  • SSDEEP

    12288:QlLAzydTpoidKmYb0Gkw93vt1rvTdd+MXs:6LAzyP7d/LG3lbTX

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification