General
-
Target
cf68bb30925c5232c30e4f786b534c2e065d20e04d167bebc299d6b1d1f60a31
-
Size
1.7MB
-
Sample
250125-qv4mmavle1
-
MD5
1ca8a6fd8a63d43e12dd0eda13c688c6
-
SHA1
628034d99b716a9576f7fe487e9b1b9340768ede
-
SHA256
cf68bb30925c5232c30e4f786b534c2e065d20e04d167bebc299d6b1d1f60a31
-
SHA512
7c41248f6066053a08f05fdf15a23bc99cacfd5cbb4c377da5bd176085da687ebb3b99a599090116689c9f06f7f2aaf1f492f9a31b5cd0055d0eceaee25a7ae7
-
SSDEEP
24576:ZrJXwbnaJFN0BbpiMNP15JY2ERW3HHimFh0+kXq9TAud0paK9ic6Tf889rB8gAJU:7wb6FN9sHdERWzFh0HX2uQc6AeZ7iaM
Malware Config
Targets
-
-
Target
cf68bb30925c5232c30e4f786b534c2e065d20e04d167bebc299d6b1d1f60a31
-
Size
1.7MB
-
MD5
1ca8a6fd8a63d43e12dd0eda13c688c6
-
SHA1
628034d99b716a9576f7fe487e9b1b9340768ede
-
SHA256
cf68bb30925c5232c30e4f786b534c2e065d20e04d167bebc299d6b1d1f60a31
-
SHA512
7c41248f6066053a08f05fdf15a23bc99cacfd5cbb4c377da5bd176085da687ebb3b99a599090116689c9f06f7f2aaf1f492f9a31b5cd0055d0eceaee25a7ae7
-
SSDEEP
24576:ZrJXwbnaJFN0BbpiMNP15JY2ERW3HHimFh0+kXq9TAud0paK9ic6Tf889rB8gAJU:7wb6FN9sHdERWzFh0HX2uQc6AeZ7iaM
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2