General
-
Target
61907784cb31bd98f7f50db3a304a42bbb1490ad7f0bc029f70ac7ab0ae7a206
-
Size
2.6MB
-
Sample
250126-2z1bjsyrgl
-
MD5
0f04cfdb186adae8a197d0564df089c1
-
SHA1
f8bbaa4b88632317fde01af460a4a1dda85817a6
-
SHA256
61907784cb31bd98f7f50db3a304a42bbb1490ad7f0bc029f70ac7ab0ae7a206
-
SHA512
ccd70d4d401ffadee4fcf7e46a7ab98bc127eeffbed8f0ca51e7dfb0a5917fa1c160b6e54a41738fc31342972e67dd5c349e2ad2c9b1f08117adad3c6b7c2680
-
SSDEEP
49152:tlHZOlIuWqCKzJd9vE2Lt5HmtR8LsbDohh3Xs2:tJZOlIu1CIT9s2Lt5HmtREB9
Malware Config
Targets
-
-
Target
61907784cb31bd98f7f50db3a304a42bbb1490ad7f0bc029f70ac7ab0ae7a206
-
Size
2.6MB
-
MD5
0f04cfdb186adae8a197d0564df089c1
-
SHA1
f8bbaa4b88632317fde01af460a4a1dda85817a6
-
SHA256
61907784cb31bd98f7f50db3a304a42bbb1490ad7f0bc029f70ac7ab0ae7a206
-
SHA512
ccd70d4d401ffadee4fcf7e46a7ab98bc127eeffbed8f0ca51e7dfb0a5917fa1c160b6e54a41738fc31342972e67dd5c349e2ad2c9b1f08117adad3c6b7c2680
-
SSDEEP
49152:tlHZOlIuWqCKzJd9vE2Lt5HmtR8LsbDohh3Xs2:tJZOlIu1CIT9s2Lt5HmtREB9
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2