General
-
Target
f2ad1bf01de9fcd9893a77b20dc36cee066685d0d33c9c86d1ca18b62557dda0
-
Size
1.7MB
-
Sample
250124-yzne7sxpgn
-
MD5
33c9fe72c52c4f5cf25adfa440cb9d22
-
SHA1
2a606f7cc3c2cbae7863df043a35d024b6bcf96c
-
SHA256
f2ad1bf01de9fcd9893a77b20dc36cee066685d0d33c9c86d1ca18b62557dda0
-
SHA512
8e329a13a4350392c0e4f4521d838d1116a3359f644d8b7808cfa350e6762616d88152dbce8b2863808eccd291b645d394e082af4fa02ec001ff4a2f63e0d1dc
-
SSDEEP
49152:8UlAZwlZMemU9VWL7ANtEskKamepqyoTXZaDkD6VVSU:8UlwwlZ9mU9VWL7ANaKFeSXZaAKV
Malware Config
Targets
-
-
Target
f2ad1bf01de9fcd9893a77b20dc36cee066685d0d33c9c86d1ca18b62557dda0
-
Size
1.7MB
-
MD5
33c9fe72c52c4f5cf25adfa440cb9d22
-
SHA1
2a606f7cc3c2cbae7863df043a35d024b6bcf96c
-
SHA256
f2ad1bf01de9fcd9893a77b20dc36cee066685d0d33c9c86d1ca18b62557dda0
-
SHA512
8e329a13a4350392c0e4f4521d838d1116a3359f644d8b7808cfa350e6762616d88152dbce8b2863808eccd291b645d394e082af4fa02ec001ff4a2f63e0d1dc
-
SSDEEP
49152:8UlAZwlZMemU9VWL7ANtEskKamepqyoTXZaDkD6VVSU:8UlwwlZ9mU9VWL7ANaKFeSXZaAKV
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2