General

  • Target

    41dd805c772fa2a8af39c77518dcce158efcf3a9b4b6bd56f0f4978e20dfa82d.exe

  • Size

    478KB

  • Sample

    241113-v91lqswfjh

  • MD5

    0e3292353d74c1eed15140a27bf3bc29

  • SHA1

    28fadb0d04057fa693ffbfbd96a1a347d73377cd

  • SHA256

    41dd805c772fa2a8af39c77518dcce158efcf3a9b4b6bd56f0f4978e20dfa82d

  • SHA512

    fa870696beda04358ea8393dc7bf2e6b7f2f54999f0e57c3f26c78f482138751e63b84924ed2254b1e20efbd654455710aaa6f460b59ef35061f798f124d4c93

  • SSDEEP

    6144:sbZK9OeX6RG1Qva0C8OaScRq7MWznkcDGh8Sv6XRrLAyg2ET7RVz:sbZ0OeX6R0QS0VOOQhznkQK6XJLyRVz

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

MITRE ATT&CK Enterprise v15