General
- Target: 0b20d57e6eba7b7ddfe47747cc550966316ef277fc2a907af877edd6892b32e2
- Size: 1.7MB
- Sample: 250125-gvzh8s1lbl
- MD5: e9f76b24a0fd3744959c695d9fd94a72
- SHA1: c367b9328d631579bef9cf704ddf0e386aee0139
- SHA256: 0b20d57e6eba7b7ddfe47747cc550966316ef277fc2a907af877edd6892b32e2
- SHA512: 0be8189e21f585d9971833917c40a2fc66694b3ad32bb6d3918660a1ed8ed7a4fb5e08ded766d1ff80b14a7c4690e9c48b1a53233f970590c5c819eca80e2aec
- SSDEEP: 24576:sIUsq5A64bt0FKqHjWNnqbVIlPI3Ct0vu9FLH5uoUmc6DSLzd7gB3vFb4in:sIUslLRxKqaINt0vuFTUQSuyin
Static task: static1
Behavioral task: behavioral1
- Sample: 0b20d57e6eba7b7ddfe47747cc550966316ef277fc2a907af877edd6892b32e2.exe
- Resource: win7-20240903-en

Malware Config

Targets
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- Modifies Windows Defender Real-time Protection settings
- Modifies Windows Defender notification settings
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Windows security modification
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
- Impair Defenses: Disable or Modify Tools
- Modify Registry
- Virtualization/Sandbox Evasion