General
-
Target
f294b7bc613b3c79c4b76fd42ed1126a1bddf04ac6013de3aa6d97f6be3c50df
-
Size
2.7MB
-
Sample
250123-t5rycsxkhn
-
MD5
4d9a84071c9c9f0c1b33dc9af9aa3af0
-
SHA1
f622f456a6af10822200fbaad4606f75331afad5
-
SHA256
f294b7bc613b3c79c4b76fd42ed1126a1bddf04ac6013de3aa6d97f6be3c50df
-
SHA512
f790c78702911531c972c2bc61253a3ae857d65776e8c4cdccb637522a858a8cf59a441a10542f4ae4d916433977fece254924694d407ffb02541a35cbd70e1e
-
SSDEEP
49152:VKeJgvaXTOZj8oNigBlnkDv2Am2npneYrjYDripH623Op//:8eJGgTOZj8pg2YvQaV1
Malware Config
Targets
-
-
Target
f294b7bc613b3c79c4b76fd42ed1126a1bddf04ac6013de3aa6d97f6be3c50df
-
Size
2.7MB
-
MD5
4d9a84071c9c9f0c1b33dc9af9aa3af0
-
SHA1
f622f456a6af10822200fbaad4606f75331afad5
-
SHA256
f294b7bc613b3c79c4b76fd42ed1126a1bddf04ac6013de3aa6d97f6be3c50df
-
SHA512
f790c78702911531c972c2bc61253a3ae857d65776e8c4cdccb637522a858a8cf59a441a10542f4ae4d916433977fece254924694d407ffb02541a35cbd70e1e
-
SSDEEP
49152:VKeJgvaXTOZj8oNigBlnkDv2Am2npneYrjYDripH623Op//:8eJGgTOZj8pg2YvQaV1
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2