General
-
Target
433cb7ab9d6aa5ccda342e5f51ef811f8449b4209e2b177dc4b6302bf18b7aa5
-
Size
2.6MB
-
Sample
250126-dcqxla1kdp
-
MD5
e02b12c85714e677a6b9b4d5c584b6fe
-
SHA1
80c02fe6b4cab9eade60df1d068fd3e058957264
-
SHA256
433cb7ab9d6aa5ccda342e5f51ef811f8449b4209e2b177dc4b6302bf18b7aa5
-
SHA512
b9aa274be085b6148da48fbdb6bff8c6f0daf86c8a6d7f9dae93a3ae071a3395a676fc0e5bcc09d6953d3677bbf552d9d643a3b9c7254b95d8d8c5c6aa79a496
-
SSDEEP
24576:pTO415oK4M++5oLjHfSbM0UxaNICNPIVGfsNsaJzRqzfy57eql0ZeydMQfJc8ex1:FO4In+iLj/OfUxPUfy5745RcXwEs
Malware Config
Targets
-
-
Target
433cb7ab9d6aa5ccda342e5f51ef811f8449b4209e2b177dc4b6302bf18b7aa5
-
Size
2.6MB
-
MD5
e02b12c85714e677a6b9b4d5c584b6fe
-
SHA1
80c02fe6b4cab9eade60df1d068fd3e058957264
-
SHA256
433cb7ab9d6aa5ccda342e5f51ef811f8449b4209e2b177dc4b6302bf18b7aa5
-
SHA512
b9aa274be085b6148da48fbdb6bff8c6f0daf86c8a6d7f9dae93a3ae071a3395a676fc0e5bcc09d6953d3677bbf552d9d643a3b9c7254b95d8d8c5c6aa79a496
-
SSDEEP
24576:pTO415oK4M++5oLjHfSbM0UxaNICNPIVGfsNsaJzRqzfy57eql0ZeydMQfJc8ex1:FO4In+iLj/OfUxPUfy5745RcXwEs
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2