General
-
Target
c99602ceae0e0ef993499c1d8c9230d31ec3bf9c8bc151ea14876a3979a03e6a
-
Size
2.6MB
-
Sample
250126-pm6ata1nbx
-
MD5
a3df398274a11844c5020a4974f9276d
-
SHA1
ecd751dd8dbd5b7f42d0da96fef8ab9d6915d762
-
SHA256
c99602ceae0e0ef993499c1d8c9230d31ec3bf9c8bc151ea14876a3979a03e6a
-
SHA512
d10c5132ffbca30eba1b8d0a85b45b18c56d0ecd270e4a473cc76d63510fc8d54944d465e7650ee668bd11bc294addf5716069e1e3c6a709de629ffbbffc8702
-
SSDEEP
24576:ZCpLdLrC4NZziLZmeBodXIwqXVis/Qqw0xS9jiK8qpmaArRSocGckgiCgeIk2Mr:ZmOMzomXd4bl0oqpmaOS7kFCHD2
Malware Config
Targets
-
-
Target
c99602ceae0e0ef993499c1d8c9230d31ec3bf9c8bc151ea14876a3979a03e6a
-
Size
2.6MB
-
MD5
a3df398274a11844c5020a4974f9276d
-
SHA1
ecd751dd8dbd5b7f42d0da96fef8ab9d6915d762
-
SHA256
c99602ceae0e0ef993499c1d8c9230d31ec3bf9c8bc151ea14876a3979a03e6a
-
SHA512
d10c5132ffbca30eba1b8d0a85b45b18c56d0ecd270e4a473cc76d63510fc8d54944d465e7650ee668bd11bc294addf5716069e1e3c6a709de629ffbbffc8702
-
SSDEEP
24576:ZCpLdLrC4NZziLZmeBodXIwqXVis/Qqw0xS9jiK8qpmaArRSocGckgiCgeIk2Mr:ZmOMzomXd4bl0oqpmaOS7kFCHD2
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2