General
Target: 86be857552a432eafbbc416f093946cd0f726083e39a7d9b9e2e7f638810469f
Size: 2.7MB
Sample: 250123-t1rrssvrev
MD5: 63198ccf5db51a6a33be3e0293c9b768
SHA1: 378fc0213b89eda1b26402707e77285662be99c2
SHA256: 86be857552a432eafbbc416f093946cd0f726083e39a7d9b9e2e7f638810469f
SHA512: d1f4c152bbbec7f89b7b43ce9a8f26efcdd4db5364897010de8d6189c34a0eba94f865127e116e5fcb7136e422a558e20257c9547bd02f91f78bbe302717dded
SSDEEP: 49152:q1AaPsakbETgzXg0Az36/l1srkleMhriJoVqNI8:2PfkbETgzXg0Az362kgn5
Static task: static1
Behavioral task: behavioral1
Sample: 86be857552a432eafbbc416f093946cd0f726083e39a7d9b9e2e7f638810469f.exe
Resource: win7-20240708-en
Malware Config
Targets
Target: 86be857552a432eafbbc416f093946cd0f726083e39a7d9b9e2e7f638810469f (2.7MB; hashes as in General above)
- Detects Healer, an antivirus disabler dropper
- Healer family
- Modifies Windows Defender Real-time Protection settings
- Modifies Windows Defender notification settings
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Windows security modification
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
- Impair Defenses: Disable or Modify Tools
- Modify Registry
- Virtualization/Sandbox Evasion