General
-
Target
58073cda20f7eb7c6a9af9cba5ec648b8d35b6c806bc081d7be78ac409f98a4f
-
Size
1.7MB
-
Sample
250125-b1ajeazqck
-
MD5
501327b04beccf36e717c5650c2553af
-
SHA1
35a9185edcc8948b8aa889e4bdea30d896323723
-
SHA256
58073cda20f7eb7c6a9af9cba5ec648b8d35b6c806bc081d7be78ac409f98a4f
-
SHA512
d982fb86d112e27998a481e8e8ec6523bc132befefbd80da487dd083b90df56503504dcec6ca140279e1be730a4746256ab8c0403340940dbf40b479745dd0fa
-
SSDEEP
24576:vIL+s4YzgjyKUqnP7xZcpP8kWiNWNG/kMjPXrY/I5AO0rJiTiiV+Ru8tJ+hMFWaa:vUxBKyKxP7/CE+NWQXrYgD2EGLOeFSO
Malware Config
Targets
-
-
Target
58073cda20f7eb7c6a9af9cba5ec648b8d35b6c806bc081d7be78ac409f98a4f
-
Size
1.7MB
-
MD5
501327b04beccf36e717c5650c2553af
-
SHA1
35a9185edcc8948b8aa889e4bdea30d896323723
-
SHA256
58073cda20f7eb7c6a9af9cba5ec648b8d35b6c806bc081d7be78ac409f98a4f
-
SHA512
d982fb86d112e27998a481e8e8ec6523bc132befefbd80da487dd083b90df56503504dcec6ca140279e1be730a4746256ab8c0403340940dbf40b479745dd0fa
-
SSDEEP
24576:vIL+s4YzgjyKUqnP7xZcpP8kWiNWNG/kMjPXrY/I5AO0rJiTiiV+Ru8tJ+hMFWaa:vUxBKyKxP7/CE+NWQXrYgD2EGLOeFSO
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2