General
Target: c065d4160d61d359742705980bb171bd888589db7174e86a9cfd29ffe062c831
Size: 2.6MB
Sample: 250126-zt7gkavkgn
MD5: 31ae8b923bb5cfcb52e9a02656f38fa0
SHA1: 743952a39fdbcc7ed2bcc988fd6db63120667e00
SHA256: c065d4160d61d359742705980bb171bd888589db7174e86a9cfd29ffe062c831
SHA512: 3fc2fdfe60e21e99f0b15add6b9e80333a66c474e8b6a21e6244fa8783c5e7c12bbebefc430370f91af90aa3aa97fe11255a5bd458fe18deb9d5fb04ce5fbf42
SSDEEP: 24576:QvWAaOtOzdt8SOZb93bBfMiQokyBcaZPlaNny2OlxL9sFciQhKqRSZJd6lGfTcE:QvUOY8SwhmvolaU7KQWJmGNvIvw8o
Static task: static1
Behavioral task: behavioral1
Sample: c065d4160d61d359742705980bb171bd888589db7174e86a9cfd29ffe062c831.exe
Resource: win7-20240903-en
Malware Config
Targets
- Target: c065d4160d61d359742705980bb171bd888589db7174e86a9cfd29ffe062c831
  Size: 2.6MB
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- Modifies Windows Defender Real-time Protection settings
- Modifies Windows Defender notification settings
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Windows security modification
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
- Defense Evasion
  - Impair Defenses: Disable or Modify Tools
  - Modify Registry
  - Virtualization/Sandbox Evasion