General

  • Target

    44f8045d918f698518a45fa7c0f1b458743c4117744227d80f8a2364ac09f0a0

  • Size

    2.7MB

  • Sample

    250126-hjs3ravmhw

  • MD5

    2d33e680c27e908d175a538a38c36d0e

  • SHA1

    aff2f8ff039346ff2d9bb58179bb4534230036f5

  • SHA256

    44f8045d918f698518a45fa7c0f1b458743c4117744227d80f8a2364ac09f0a0

  • SHA512

    95f53cf55804cb143ba9577837898c741ac90257a6ba27f4269f39f34cd318ea6cc15c930ccacaf455daf74fbb5eae496bedea55a8d4d35b2b7fb76ffe7b3fd7

  • SSDEEP

    49152:H0zjDYv8KGK4lyaeKMk5Zc0QFydbh0BzLLUd:HmjDYv8KGK4l/W0Qabh0Bz6

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender DisableAntiSpyware settings

    • Modifies Windows Defender Real-time Protection settings

    • Modifies Windows Defender TamperProtection settings

    • Modifies Windows Defender notification settings

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks