General
-
Target
c321c5e5deb993fccefc4dd529705daa1209fe8f5b23357a23265264f289d582
-
Size
2.6MB
-
Sample
250123-wjef9azjcq
-
MD5
7b2774d5d90e91ca6bfbb7d76318cbc7
-
SHA1
18694142851559ffa6ecbabbe5fd5ef1375e61d9
-
SHA256
c321c5e5deb993fccefc4dd529705daa1209fe8f5b23357a23265264f289d582
-
SHA512
05c9d158e3eacd3eee7e470b5d650e8ee5a966f5ef8417da04426db185b55c827945fce94c84229b04180e9fbefc12f125cafc26926dca86a40f407a428d6802
-
SSDEEP
24576:zZ3fWBhi+6SKc9nN8WvZEPZDv9Vk5pYW3jaTSBM8kFp4D4TuDu7TZ33u8cE0MK4y:zRlvbcb8WGhjOBBCF6sTrN3egFMLW
Malware Config
Targets
-
-
Target
c321c5e5deb993fccefc4dd529705daa1209fe8f5b23357a23265264f289d582
-
Size
2.6MB
-
MD5
7b2774d5d90e91ca6bfbb7d76318cbc7
-
SHA1
18694142851559ffa6ecbabbe5fd5ef1375e61d9
-
SHA256
c321c5e5deb993fccefc4dd529705daa1209fe8f5b23357a23265264f289d582
-
SHA512
05c9d158e3eacd3eee7e470b5d650e8ee5a966f5ef8417da04426db185b55c827945fce94c84229b04180e9fbefc12f125cafc26926dca86a40f407a428d6802
-
SSDEEP
24576:zZ3fWBhi+6SKc9nN8WvZEPZDv9Vk5pYW3jaTSBM8kFp4D4TuDu7TZ33u8cE0MK4y:zRlvbcb8WGhjOBBCF6sTrN3egFMLW
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2