General
-
Target
d73b52b32f1b7e8645530f8bb5d6b5bdbcfb0e09e067440dabf84a280371ffd8
-
Size
2.6MB
-
Sample
250126-1534ysxpak
-
MD5
4463dfb870ad8323a33318570563416c
-
SHA1
7c588a0a65c94cc03cd275ae1f582c6433a85af0
-
SHA256
d73b52b32f1b7e8645530f8bb5d6b5bdbcfb0e09e067440dabf84a280371ffd8
-
SHA512
a4eb9ec172c8cc79bc9fd9c02ae919616ba675ec7042778b24b9560dea8a8b6eacf0b6f853300ab61120e4c5f2b2ef169da0803e9da0eb0e8773c75d5c19ad92
-
SSDEEP
49152:kIOlJFWXziK47j9iyGLVjmWRhYb/8046WaqPauD:kTlJFWDiKUj9/GLVjmbIJz
Malware Config
Targets
-
-
Target
d73b52b32f1b7e8645530f8bb5d6b5bdbcfb0e09e067440dabf84a280371ffd8
-
Size
2.6MB
-
MD5
4463dfb870ad8323a33318570563416c
-
SHA1
7c588a0a65c94cc03cd275ae1f582c6433a85af0
-
SHA256
d73b52b32f1b7e8645530f8bb5d6b5bdbcfb0e09e067440dabf84a280371ffd8
-
SHA512
a4eb9ec172c8cc79bc9fd9c02ae919616ba675ec7042778b24b9560dea8a8b6eacf0b6f853300ab61120e4c5f2b2ef169da0803e9da0eb0e8773c75d5c19ad92
-
SSDEEP
49152:kIOlJFWXziK47j9iyGLVjmWRhYb/8046WaqPauD:kTlJFWDiKUj9/GLVjmbIJz
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2