General
-
Target
63b36aaacf61da527bac30a67c5d19f4ab90c744aed4519d052a052569ddc5f1
-
Size
2.7MB
-
Sample
250124-bmv8ystqbl
-
MD5
0dabf4363c9b8f0d242fa9a23613f32c
-
SHA1
5c3f7733790d11cd133e0e3a86d3f57708052772
-
SHA256
63b36aaacf61da527bac30a67c5d19f4ab90c744aed4519d052a052569ddc5f1
-
SHA512
8d235002021f2edca4fb18cb22c52fea540093e45bb6325366307728019e5f77ca875a5532bae771383520a9eeede82686d5b6948843d10a666e8e6a0e33f19d
-
SSDEEP
49152:+p+6aFCx/ZmJQ2oQkR+o1/gADgUOOo7JqvvSOxLR8xWlYB:+p+6aFCJQQ2oQkR+gIygj7kvVxl8w
Malware Config
Targets
-
-
Target
63b36aaacf61da527bac30a67c5d19f4ab90c744aed4519d052a052569ddc5f1
-
Size
2.7MB
-
MD5
0dabf4363c9b8f0d242fa9a23613f32c
-
SHA1
5c3f7733790d11cd133e0e3a86d3f57708052772
-
SHA256
63b36aaacf61da527bac30a67c5d19f4ab90c744aed4519d052a052569ddc5f1
-
SHA512
8d235002021f2edca4fb18cb22c52fea540093e45bb6325366307728019e5f77ca875a5532bae771383520a9eeede82686d5b6948843d10a666e8e6a0e33f19d
-
SSDEEP
49152:+p+6aFCx/ZmJQ2oQkR+o1/gADgUOOo7JqvvSOxLR8xWlYB:+p+6aFCJQQ2oQkR+gIygj7kvVxl8w
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2