General
-
Target
c8e804818cb3ce5046fe4a9781539c784dcfdaacb41ac131a78396d6a284c9b3
-
Size
2.7MB
-
Sample
250126-re76jstkbv
-
MD5
6593168e11a3f83ed2f912f668932c6a
-
SHA1
ee8184733be893d203c36a22dc7450990a438a18
-
SHA256
c8e804818cb3ce5046fe4a9781539c784dcfdaacb41ac131a78396d6a284c9b3
-
SHA512
a686844bb4529245641b6559e733cee787631b5de48fda491e0c310bb83ee7ca6804dc85be7bb5eb99fe278fcb78a3baa853a7a43d3e132c07ccfef6df89a537
-
SSDEEP
49152:9e/0IwCIddYQPKGH0hnHudJgZSK9QjHbK96:U/zwtddYQPxUhnOd062
Malware Config
Targets
-
-
Target
c8e804818cb3ce5046fe4a9781539c784dcfdaacb41ac131a78396d6a284c9b3
-
Size
2.7MB
-
MD5
6593168e11a3f83ed2f912f668932c6a
-
SHA1
ee8184733be893d203c36a22dc7450990a438a18
-
SHA256
c8e804818cb3ce5046fe4a9781539c784dcfdaacb41ac131a78396d6a284c9b3
-
SHA512
a686844bb4529245641b6559e733cee787631b5de48fda491e0c310bb83ee7ca6804dc85be7bb5eb99fe278fcb78a3baa853a7a43d3e132c07ccfef6df89a537
-
SSDEEP
49152:9e/0IwCIddYQPKGH0hnHudJgZSK9QjHbK96:U/zwtddYQPxUhnOd062
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2