General
-
Target
85cd8ac159c592c490db2e33204cb832b366fc4d7db5cf863b5a66b13fb05955
-
Size
1.7MB
-
Sample
250125-vec7ystlam
-
MD5
70ad1e25686f5bb100ffc024c7c0f1a3
-
SHA1
4bf83fe3ab8b0700ccbce6d9472d7f7f73575614
-
SHA256
85cd8ac159c592c490db2e33204cb832b366fc4d7db5cf863b5a66b13fb05955
-
SHA512
99ab966beff43f91f545bce35e65d36e65804b42f1f5e30aa39460d412e0c8c78bcb7856cfce15ff733f0f80d940b20eba5a16c4e56ce5fd17552be0bfbc6672
-
SSDEEP
49152:+gIjBOwwIsgKPD3szqiE73p4wr7az2Jga:+7OwP7cDU23pzr7aKW
Malware Config
Targets
-
-
Target
85cd8ac159c592c490db2e33204cb832b366fc4d7db5cf863b5a66b13fb05955
-
Size
1.7MB
-
MD5
70ad1e25686f5bb100ffc024c7c0f1a3
-
SHA1
4bf83fe3ab8b0700ccbce6d9472d7f7f73575614
-
SHA256
85cd8ac159c592c490db2e33204cb832b366fc4d7db5cf863b5a66b13fb05955
-
SHA512
99ab966beff43f91f545bce35e65d36e65804b42f1f5e30aa39460d412e0c8c78bcb7856cfce15ff733f0f80d940b20eba5a16c4e56ce5fd17552be0bfbc6672
-
SSDEEP
49152:+gIjBOwwIsgKPD3szqiE73p4wr7az2Jga:+7OwP7cDU23pzr7aKW
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2