General
-
Target
2bbc63f4cebba314039bada0257840c6e37d56bc1d9da2e5fdc347c69fb68dcd
-
Size
2.6MB
-
Sample
250126-pf3lca1mat
-
MD5
8d305968f84066b22797cd223f0ea043
-
SHA1
379225ae429cb0b6c29128aec1919df73d18146c
-
SHA256
2bbc63f4cebba314039bada0257840c6e37d56bc1d9da2e5fdc347c69fb68dcd
-
SHA512
fbecc3f70c3425462e145597f9f8d6fe2096be0a06b27889c6229cb37210cf793661de65b50eb356af1058bd98e54fe87bbc300afa18c9c8fee01ae84175ac18
-
SSDEEP
24576:L2X0fs1PmnLFEvJ6mLQlghgRIRrv6AJMFA2hRzF1lxUq0cxkYb8uTB1GPtiFOiMT:K6EvR4ghiWKYDYAuTBucFtw05gOu
Malware Config
Targets
-
-
Target
2bbc63f4cebba314039bada0257840c6e37d56bc1d9da2e5fdc347c69fb68dcd
-
Size
2.6MB
-
MD5
8d305968f84066b22797cd223f0ea043
-
SHA1
379225ae429cb0b6c29128aec1919df73d18146c
-
SHA256
2bbc63f4cebba314039bada0257840c6e37d56bc1d9da2e5fdc347c69fb68dcd
-
SHA512
fbecc3f70c3425462e145597f9f8d6fe2096be0a06b27889c6229cb37210cf793661de65b50eb356af1058bd98e54fe87bbc300afa18c9c8fee01ae84175ac18
-
SSDEEP
24576:L2X0fs1PmnLFEvJ6mLQlghgRIRrv6AJMFA2hRzF1lxUq0cxkYb8uTB1GPtiFOiMT:K6EvR4ghiWKYDYAuTBucFtw05gOu
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2