Overview

overview

10

Static

static

3

4fb2894252...6N.exe

windows7-x64

10

4fb2894252...6N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4fb289425252a855009b84073fb98413b8d2d8a973ae499d0fd509810d2b5df6N.exe

  • Size

    1.7MB

  • Sample

    250121-lejv3axlal

  • MD5

    ad346744905f7ed6bcbe8f2a2a1a3c90

  • SHA1

    2b6b61b416001549cbc2887d03a62a6b647c5f60

  • SHA256

    4fb289425252a855009b84073fb98413b8d2d8a973ae499d0fd509810d2b5df6

  • SHA512

    5f6bafb679945c33d2d783e274d32ad50db1a47eae6b3b1d2c323293e12c1697e08aef4528b9fa329ac0b45eeebdff915113dc2e5d6f1efd9b8c8679626ebb72

  • SSDEEP

    49152:+8jL47jCR969tkld1PRqtzZ8xiqtrZNr7m2oA:+8jL47ey9a7UlZ89Pr7mpA

Score
10/10
healerdefense_evasiondiscoverydropperevasiontrojan

Malware Config

Targets

    • Target

      4fb289425252a855009b84073fb98413b8d2d8a973ae499d0fd509810d2b5df6N.exe

    • Size

      1.7MB

    • MD5

      ad346744905f7ed6bcbe8f2a2a1a3c90

    • SHA1

      2b6b61b416001549cbc2887d03a62a6b647c5f60

    • SHA256

      4fb289425252a855009b84073fb98413b8d2d8a973ae499d0fd509810d2b5df6

    • SHA512

      5f6bafb679945c33d2d783e274d32ad50db1a47eae6b3b1d2c323293e12c1697e08aef4528b9fa329ac0b45eeebdff915113dc2e5d6f1efd9b8c8679626ebb72

    • SSDEEP

      49152:+8jL47jCR969tkld1PRqtzZ8xiqtrZNr7m2oA:+8jL47ey9a7UlZ89Pr7mpA

    Score
    10/10
    defense_evasiondiscoverytrojanhealerdropperevasion

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Healer family

      healer

    • Modifies Windows Defender DisableAntiSpyware settings

      evasiontrojan

    • Modifies Windows Defender Real-time Protection settings

      defense_evasiontrojan

    • Modifies Windows Defender TamperProtection settings

      evasiontrojan

    • Modifies Windows Defender notification settings

      defense_evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      defense_evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      defense_evasion

    • Windows security modification

      defense_evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks