General
- Target: bb11f35591db1bdb70ec41b69d2b349ae943e236370ee2dad730eb897c081e40
- Size: 2.8MB
- Sample: 250126-qvxt3stpcr
- MD5: 9e178958fa61d4b31d95961118d0aaa7
- SHA1: a47d6cd03e282744e2da6551821a910cccad92c9
- SHA256: bb11f35591db1bdb70ec41b69d2b349ae943e236370ee2dad730eb897c081e40
- SHA512: 5fda7d577c98828760c6fa6f7657a0162920652947375e9fb7819d972fe2befa65e438234cefe39220717ca812ac6635bc49ef8de44235504b1aac96cea1a4ba
- SSDEEP: 49152:KzkLR3TmURcxpsTP5eqV1A3srkThU2JV9KLrXn66JI80Bj:KzkLRaURcxaTP9A33hUorKH366JINB
Static task: static1
Behavioral task: behavioral1
- Sample: bb11f35591db1bdb70ec41b69d2b349ae943e236370ee2dad730eb897c081e40.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Target: bb11f35591db1bdb70ec41b69d2b349ae943e236370ee2dad730eb897c081e40
- Detects Healer, an antivirus disabler dropper
- Healer family
- Modifies Windows Defender Real-time Protection settings
- Modifies Windows Defender notification settings
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Windows security modification
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
- Defense Evasion
  - Impair Defenses: Disable or Modify Tools
  - Modify Registry
  - Virtualization/Sandbox Evasion