General
-
Target
75668db663695dedd991967ba37f6c46be9ab2827a0b5796f724beeb1f5c3eaf
-
Size
2.6MB
-
Sample
250126-e77z2askcv
-
MD5
9d6c1b9541937a6c438aa6afb284c725
-
SHA1
bdc53909954e18fba2c81c6e36ba8678c91377df
-
SHA256
75668db663695dedd991967ba37f6c46be9ab2827a0b5796f724beeb1f5c3eaf
-
SHA512
7355617ac383f7d6d5ef660a07d474fdfc6f64b471a16d464a1d56c7ce6bc8f141db7f1dca445f9cd6df20ab3f326d5b3d6b556a29f23e1a132e4f0bb4e35031
-
SSDEEP
49152:4OOiGqsOiDpiJLuj127omrizTeJp7qEp+qQYxtLX8B:4OOiGqsOiDpiJLuj19mYaJp7ZY5dB
Malware Config
Targets
-
-
Target
75668db663695dedd991967ba37f6c46be9ab2827a0b5796f724beeb1f5c3eaf
-
Size
2.6MB
-
MD5
9d6c1b9541937a6c438aa6afb284c725
-
SHA1
bdc53909954e18fba2c81c6e36ba8678c91377df
-
SHA256
75668db663695dedd991967ba37f6c46be9ab2827a0b5796f724beeb1f5c3eaf
-
SHA512
7355617ac383f7d6d5ef660a07d474fdfc6f64b471a16d464a1d56c7ce6bc8f141db7f1dca445f9cd6df20ab3f326d5b3d6b556a29f23e1a132e4f0bb4e35031
-
SSDEEP
49152:4OOiGqsOiDpiJLuj127omrizTeJp7qEp+qQYxtLX8B:4OOiGqsOiDpiJLuj19mYaJp7ZY5dB
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2