General
Target: ec27ce782a3b5c8e159ff938572f5d02ca3362b933cc68d47017686b86cb5fcf
Size: 1.6MB
Sample: 250125-ywc53aylct
MD5: 388883db8c6815d1aee334a52967404e
SHA1: ecbe6f81c9d2c575e69dbda3e986619fb56ae786
SHA256: ec27ce782a3b5c8e159ff938572f5d02ca3362b933cc68d47017686b86cb5fcf
SHA512: cae50b39926a63eb0407ab4d2f1199115ef78902675ab463ecc48a9f5129f958c6500a8326511e07b71cd12d81109ab8a90812ecf8c0a5debf3e9d032b4147a9
SSDEEP: 49152:K0bJIMvIDT6IKd3EfcnAPMf9Q6Dt5FE+m1MFw94hx51SK/siGDxG:K+JIMvIfcEUV9HFEFM2G517sTD
Static task: static1
Behavioral task: behavioral1
Sample: ec27ce782a3b5c8e159ff938572f5d02ca3362b933cc68d47017686b86cb5fcf.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: ec27ce782a3b5c8e159ff938572f5d02ca3362b933cc68d47017686b86cb5fcf
- Detects Healer, an antivirus disabler dropper
- Healer family
- Modifies Windows Defender Real-time Protection settings
- Modifies Windows Defender notification settings
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Windows security modification
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
  Impair Defenses (5)
    Disable or Modify Tools (5)
  Modify Registry (5)
  Virtualization/Sandbox Evasion (2)