Overview

overview

10

Static

static

3

7a7f1f4f46...30.exe

windows7-x64

10

7a7f1f4f46...30.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7a7f1f4f4677050c29a9b8b9f7390c55d572d3bfa8c2e99db24e1a1b0fd44b30

  • Size

    1.7MB

  • Sample

    250124-1ydkqaslfj

  • MD5

    063a16afb2d3fc98bc0a6e9b66e22ec5

  • SHA1

    20ce0f564bc605d2847fb3d35358e3cc6c5e2105

  • SHA256

    7a7f1f4f4677050c29a9b8b9f7390c55d572d3bfa8c2e99db24e1a1b0fd44b30

  • SHA512

    8769a5cec82a44db90510e63137c0cc628596a13ee1fad86e658c10fb76fa5d9edd2fc23a3682214f1d8979cc7a72da133a5de95e3d27f03a0eb45804f3553ba

  • SSDEEP

    24576:FhYOsTn/gEtq722zjZY1EAxNOeuPROjo1gcMxb9IjNg71zuArD7xh:tsTn671ztY+AbOeuPR8xm5uRrDNh

Score
10/10
healerdefense_evasiondiscoverydropperevasiontrojan

Malware Config

Targets

    • Target

      7a7f1f4f4677050c29a9b8b9f7390c55d572d3bfa8c2e99db24e1a1b0fd44b30

    • Size

      1.7MB

    • MD5

      063a16afb2d3fc98bc0a6e9b66e22ec5

    • SHA1

      20ce0f564bc605d2847fb3d35358e3cc6c5e2105

    • SHA256

      7a7f1f4f4677050c29a9b8b9f7390c55d572d3bfa8c2e99db24e1a1b0fd44b30

    • SHA512

      8769a5cec82a44db90510e63137c0cc628596a13ee1fad86e658c10fb76fa5d9edd2fc23a3682214f1d8979cc7a72da133a5de95e3d27f03a0eb45804f3553ba

    • SSDEEP

      24576:FhYOsTn/gEtq722zjZY1EAxNOeuPROjo1gcMxb9IjNg71zuArD7xh:tsTn671ztY+AbOeuPR8xm5uRrDNh

    Score
    10/10
    healerdefense_evasiondiscoverydropperevasiontrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Healer family

      healer

    • Modifies Windows Defender DisableAntiSpyware settings

      evasiontrojan

    • Modifies Windows Defender Real-time Protection settings

      defense_evasiontrojan

    • Modifies Windows Defender TamperProtection settings

      evasiontrojan

    • Modifies Windows Defender notification settings

      defense_evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      defense_evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      defense_evasion

    • Windows security modification

      defense_evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks