General
-
Target
941458adb76628cad794a751ce4ef4d37779706e70a90c02585c7e18cb264404
-
Size
1.6MB
-
Sample
250124-x25xlatpew
-
MD5
55bd0f728c4a2499088b079769051b10
-
SHA1
a84abfac31e0f017d74e1a5090017f727f53cc0d
-
SHA256
941458adb76628cad794a751ce4ef4d37779706e70a90c02585c7e18cb264404
-
SHA512
a698bbbd8a5ef78ec9f89c0408aef83f3726db88fcf19bbd372a600a8916d4b0064e5ba64c578a112065535903f1d8338b48c28e8b285965e0de75d325a70d32
-
SSDEEP
24576:13aFoiPb/GCqjec/AVDph5UFv4T6emptOIpN/j+/9fz5hpoz2ygWFdQiznyr3wL8:AomOHjodxjT6eCtvn6/l5hpozlgWe
Malware Config
Targets
-
-
Target
941458adb76628cad794a751ce4ef4d37779706e70a90c02585c7e18cb264404
-
Size
1.6MB
-
MD5
55bd0f728c4a2499088b079769051b10
-
SHA1
a84abfac31e0f017d74e1a5090017f727f53cc0d
-
SHA256
941458adb76628cad794a751ce4ef4d37779706e70a90c02585c7e18cb264404
-
SHA512
a698bbbd8a5ef78ec9f89c0408aef83f3726db88fcf19bbd372a600a8916d4b0064e5ba64c578a112065535903f1d8338b48c28e8b285965e0de75d325a70d32
-
SSDEEP
24576:13aFoiPb/GCqjec/AVDph5UFv4T6emptOIpN/j+/9fz5hpoz2ygWFdQiznyr3wL8:AomOHjodxjT6eCtvn6/l5hpozlgWe
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2