Overview

overview

10

Static

static

3

3dbaf066b1...13.exe

windows7-x64

10

3dbaf066b1...13.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3dbaf066b17de562b151f02d6c4901c11c8c5ed2c60433d2b7f6ad5310810613.exe

  • Size

    1.7MB

  • Sample

    250120-nwmpdsxmdt

  • MD5

    3008b212d4597987fc22934ff0ac8461

  • SHA1

    b045dbc6c88e1b1ad1e93007cbee370a8e956a27

  • SHA256

    3dbaf066b17de562b151f02d6c4901c11c8c5ed2c60433d2b7f6ad5310810613

  • SHA512

    67f24a6638fa37df093dca69bdf1a44bc72c7cd0d880b9c49e1e94f34888eb97bc980a1f935175d0da9aae592873ac23a0bafa8b477ecebfbfdba206ad5a609e

  • SSDEEP

    24576:2cBGv2xuCXQWfRcFyL+hfop09u1xg7lB8WeENrJYh3eL9AjoR6hCWthX8KHUTFq5:t8sQ/yyhM1xYB8forJPrYHMKHUT08JM

Score
10/10
healerdefense_evasiondiscoverydropperevasiontrojan

Malware Config

Targets

    • Target

      3dbaf066b17de562b151f02d6c4901c11c8c5ed2c60433d2b7f6ad5310810613.exe

    • Size

      1.7MB

    • MD5

      3008b212d4597987fc22934ff0ac8461

    • SHA1

      b045dbc6c88e1b1ad1e93007cbee370a8e956a27

    • SHA256

      3dbaf066b17de562b151f02d6c4901c11c8c5ed2c60433d2b7f6ad5310810613

    • SHA512

      67f24a6638fa37df093dca69bdf1a44bc72c7cd0d880b9c49e1e94f34888eb97bc980a1f935175d0da9aae592873ac23a0bafa8b477ecebfbfdba206ad5a609e

    • SSDEEP

      24576:2cBGv2xuCXQWfRcFyL+hfop09u1xg7lB8WeENrJYh3eL9AjoR6hCWthX8KHUTFq5:t8sQ/yyhM1xYB8forJPrYHMKHUT08JM

    Score
    10/10
    discoveryevasiontrojanhealerdefense_evasiondropper

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Healer family

      healer

    • Modifies Windows Defender DisableAntiSpyware settings

      evasiontrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Modifies Windows Defender TamperProtection settings

      evasiontrojan

    • Modifies Windows Defender notification settings

      defense_evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Windows security modification

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks