General
Target: b1ab22f38f642502b8b25fe9570650011ad39b29d8162b7fb25773dac1eca6d8
Size: 1.6MB
Sample: 250125-t454laspgr
MD5: da2615b598c5bca738414f3fa7a588a5
SHA1: 6634db039be086bdb366189bdbd2f2a61cea2a18
SHA256: b1ab22f38f642502b8b25fe9570650011ad39b29d8162b7fb25773dac1eca6d8
SHA512: 5f3ba54645dbd25739f3ac8e69ed5e9024d63cb1208244d80c4c22a4a705b21f81316647c4a439c524956242feb881f639d9fa06efc866cab8ba34e15e0f3147
SSDEEP: 49152:qAGoufbsvEUaci7iw6DXz94N1zJw/XBmov59WE:qAys8DcDDiNxuO
Static task: static1
Behavioral task: behavioral1
Sample: b1ab22f38f642502b8b25fe9570650011ad39b29d8162b7fb25773dac1eca6d8.exe
Resource: win7-20240903-en
Malware Config

Targets

Target: b1ab22f38f642502b8b25fe9570650011ad39b29d8162b7fb25773dac1eca6d8
- Detects Healer, an antivirus disabler dropper
- Healer family
- Modifies Windows Defender Real-time Protection settings
- Modifies Windows Defender notification settings
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Windows security modification
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
  Impair Defenses
    Disable or Modify Tools (5)
  Modify Registry (5)
  Virtualization/Sandbox Evasion (5)