General
-
Target
15ce6b0813e14a119af9f05f93e36d04d8b8d8868444aca954fc168b9d2933fb
-
Size
2.7MB
-
Sample
250126-twjwdsxmhp
-
MD5
7c53b02683ab189b22dd381133a4429e
-
SHA1
f661919d8435ad88e61ee16cb5df08827e1eb534
-
SHA256
15ce6b0813e14a119af9f05f93e36d04d8b8d8868444aca954fc168b9d2933fb
-
SHA512
bae70cc8dfe4dbaaf3c42f563b08e86990a5ebad0d93626a222bedf4f88ae58d3b050b109ca9177fa5a53a50fa3b7a6bc18fe178e0b5f0f990b81c58416591f6
-
SSDEEP
24576:bm9y3voEfyVTOTik6vA2r8xMDMrz4OAW4vjhVRQ6IDRnfj0QAVKgCwqxFZ5O24Qv:bay3v3QoA8x5rcb2fjeVMwkO2FUcO
Malware Config
Targets
-
-
Target
15ce6b0813e14a119af9f05f93e36d04d8b8d8868444aca954fc168b9d2933fb
-
Size
2.7MB
-
MD5
7c53b02683ab189b22dd381133a4429e
-
SHA1
f661919d8435ad88e61ee16cb5df08827e1eb534
-
SHA256
15ce6b0813e14a119af9f05f93e36d04d8b8d8868444aca954fc168b9d2933fb
-
SHA512
bae70cc8dfe4dbaaf3c42f563b08e86990a5ebad0d93626a222bedf4f88ae58d3b050b109ca9177fa5a53a50fa3b7a6bc18fe178e0b5f0f990b81c58416591f6
-
SSDEEP
24576:bm9y3voEfyVTOTik6vA2r8xMDMrz4OAW4vjhVRQ6IDRnfj0QAVKgCwqxFZ5O24Qv:bay3v3QoA8x5rcb2fjeVMwkO2FUcO
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2