General
-
Target
f58eb33dde1fd08b47ca1981cb852126cc1c75c5fd39120913ffd00fec70ad60
-
Size
2.7MB
-
Sample
250126-rlccfstldz
-
MD5
30d673ee6c845af87b14f62e7b34fca9
-
SHA1
2079f03ed12602af363f2dd0045e339b03da2bc9
-
SHA256
f58eb33dde1fd08b47ca1981cb852126cc1c75c5fd39120913ffd00fec70ad60
-
SHA512
c7f3bf7d7238ac6eb79cd27f602c740d62c93ad8ce31567f1550ed33cfa6ad7429a533e26844ac510885af9c71fc741d18a4fb9af9159945397e5a80fc1e3ce9
-
SSDEEP
49152:TF3v83jYmfzvJJMh9ph0GxpUpwwacKJH1:p3v83jYmfzIhd0GQwwHKJH
Malware Config
Targets
-
-
Target
f58eb33dde1fd08b47ca1981cb852126cc1c75c5fd39120913ffd00fec70ad60
-
Size
2.7MB
-
MD5
30d673ee6c845af87b14f62e7b34fca9
-
SHA1
2079f03ed12602af363f2dd0045e339b03da2bc9
-
SHA256
f58eb33dde1fd08b47ca1981cb852126cc1c75c5fd39120913ffd00fec70ad60
-
SHA512
c7f3bf7d7238ac6eb79cd27f602c740d62c93ad8ce31567f1550ed33cfa6ad7429a533e26844ac510885af9c71fc741d18a4fb9af9159945397e5a80fc1e3ce9
-
SSDEEP
49152:TF3v83jYmfzvJJMh9ph0GxpUpwwacKJH1:p3v83jYmfzIhd0GQwwHKJH
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2