General

Target: 020bd6021ca3382221cba877e624703b.exe
Size: 2.6MB
Sample: 250126-rpkg8stmbs
MD5: 020bd6021ca3382221cba877e624703b
SHA1: 8552614eaa7f8b5d092a1252a42ec55c782c2530
SHA256: 38e0e58a673cfbc1496b5d4f57b95f73aee67ac323575dca4eac8312ade68743
SHA512: bcafdc629096bd468fb77675a691342ffeea79aa167d268d03bc5a51064fc01555bc81e2e54b4d7da5004776db59cdd306b5f9e64b560e3a2b5f2241f0b13738
SSDEEP: 49152:1ToYVT2i+V8uWGVLF+A+rddn0zNasUHgFT:2YVT2i+VZWGD+XrQzAHST
Static task: static1
Behavioral task: behavioral1
Sample: 020bd6021ca3382221cba877e624703b.exe
Resource: win7-20241023-en (analysis VM image the behavioral task ran on)
Malware Config

Targets

Target: 020bd6021ca3382221cba877e624703b.exe (the submitted sample; size and hashes as listed under General above)
Signatures

- Detects Healer, an antivirus disabler dropper
- Healer family
- Modifies Windows Defender Real-time Protection settings
- Modifies Windows Defender notification settings
- Identifies VirtualBox via ACPI registry values (likely anti-VM). VirtualBox reports its own OEM ID in the guest's ACPI tables, which Windows mirrors under HKLM\HARDWARE\ACPI, so a string check there reveals the hypervisor.
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Windows security modification
- Suspicious use of NtSetInformationThreadHideFromDebugger. Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the thread from delivering debug events, so an attached debugger loses visibility of it; this is a classic anti-debugging step.
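The behaviours listed above can be re-derived from an API/registry trace with a handful of rules. The block below is an added example written for this page, not the sandbox's own rule engine and not code from the sample; the trace it runs over is constructed. The Defender policy keys, the ACPI/BIOS/Wine key names and the 0x11 information class are the standard locations these behaviours use and are assumptions here, since the report names the behaviours but not the exact keys. The family-level signatures (Healer detection, "Windows security modification") are aggregate verdicts and are not re-derived.

```python
"""Re-derive this report's behavioural signatures from a constructed API/registry trace.
Added example for this page; not the sandbox's rule engine and not the sample's code."""
import re

# Standard registry locations (assumed; the report names behaviours, not keys).
DEFENDER_RTP = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_NOTIFY = r"HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications"
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = {"systembiosversion", "systembiosdate", "videobiosversion"}
WINE_KEY = re.compile(r"^(hklm|hkcu)\\software\\wine(\\|$)")
THREAD_HIDE_FROM_DEBUGGER = 0x11  # ThreadInformationClass value ThreadHideFromDebugger

# Signature name -> ATT&CK Enterprise technique IDs, following the report's mapping.
ATTACK = {
    "Modifies Windows Defender Real-time Protection settings": ("T1562.001", "T1112"),
    "Modifies Windows Defender notification settings": ("T1562.001", "T1112"),
    "Identifies VirtualBox via ACPI registry values": ("T1497",),
    "Checks BIOS information in registry": ("T1497",),
    "Identifies Wine through registry keys": ("T1497",),
    # The report maps no technique to the HideFromDebugger call (ATT&CK's closest is T1622).
    "Suspicious use of NtSetInformationThreadHideFromDebugger": (),
}


def _norm(path):
    """Lower-case a registry path and shorten hive names so rules can compare prefixes."""
    return (path.lower()
            .replace("hkey_local_machine", "hklm")
            .replace("hkey_current_user", "hkcu"))


def match_signatures(trace):
    """Return the set of signature names triggered by a list of trace events.

    Each event is a dict with at least "api"; registry events carry "key" and
    optionally "value" and "data"; NtSetInformationThread carries "info_class".
    """
    hits = set()
    for ev in trace:
        api = ev["api"]
        key = _norm(ev.get("key", ""))
        value = ev.get("value", "")
        if api == "RegSetValueExW":
            # Defender tampering: Disable* policy values set to 1 under the Real-Time
            # Protection policy key, or DisableNotifications under Security Center.
            disabling = value.lower().startswith("disable") and ev.get("data") == 1
            if disabling and key.startswith(_norm(DEFENDER_RTP)):
                hits.add("Modifies Windows Defender Real-time Protection settings")
            if disabling and key.startswith(_norm(DEFENDER_NOTIFY)):
                hits.add("Modifies Windows Defender notification settings")
        elif api in ("RegOpenKeyExW", "RegQueryValueExW"):
            # VirtualBox exposes its OEM ID (VBOX__) in the ACPI tables under HKLM\HARDWARE\ACPI.
            if key.startswith(r"hklm\hardware\acpi") and "vbox" in key:
                hits.add("Identifies VirtualBox via ACPI registry values")
            if key == _norm(BIOS_KEY) and value.lower() in BIOS_VALUES:
                hits.add("Checks BIOS information in registry")
            if WINE_KEY.match(key):
                hits.add("Identifies Wine through registry keys")
        elif api == "NtSetInformationThread" and ev.get("info_class") == THREAD_HIDE_FROM_DEBUGGER:
            hits.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
    return hits


def attack_techniques(hits):
    """Collapse matched signatures to sorted, de-duplicated ATT&CK technique IDs."""
    return sorted({tid for name in hits for tid in ATTACK.get(name, ())})


# Constructed trace (not the sample's real activity): environment checks first,
# then the anti-debug call, then the Defender tampering, then a benign control write.
SAMPLE_TRACE = [
    {"api": "RegOpenKeyExW", "key": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"api": "RegQueryValueExW", "key": BIOS_KEY, "value": "SystemBiosVersion"},
    {"api": "RegOpenKeyExW", "key": r"HKCU\Software\Wine"},
    {"api": "NtSetInformationThread", "info_class": THREAD_HIDE_FROM_DEBUGGER},
    {"api": "RegSetValueExW", "key": DEFENDER_RTP, "value": "DisableRealtimeMonitoring", "data": 1},
    {"api": "RegSetValueExW", "key": DEFENDER_RTP, "value": "DisableBehaviorMonitoring", "data": 1},
    {"api": "RegSetValueExW", "key": DEFENDER_NOTIFY, "value": "DisableNotifications", "data": 1},
    # Ordinary application setting: must not fire any rule.
    {"api": "RegSetValueExW", "key": r"HKCU\Software\ExampleApp\Settings", "value": "LastRun", "data": 1},
]

if __name__ == "__main__":
    matched = match_signatures(SAMPLE_TRACE)
    for name in sorted(matched):
        print(f"[+] {name}")
    print("ATT&CK:", ", ".join(attack_techniques(matched)))
```

The rules key on registry reads as well as writes, which is why they are framed over a sandbox API trace rather than Sysmon events: Sysmon records value sets (Event ID 13) but not the RegQueryValueExW reads that the anti-VM checks consist of, so host-side hunting for this family is limited to the Defender policy writes and the NtSetInformationThread call.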
MITRE ATT&CK Enterprise v15

Defense Evasion
- Impair Defenses (T1562): 5
  - Disable or Modify Tools (T1562.001): 5
- Modify Registry (T1112): 5
- Virtualization/Sandbox Evasion (T1497): 2

The number after each technique is the report's count of signatures mapped to it.