Overview

overview

10

Static

static

3

c4de7d0caa...62.exe

windows7-x64

10

c4de7d0caa...62.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c4de7d0caab6cd8104e6a6186d7ffa3f7798f9a3e9ca2c3d89c4b2865c8e0f62

  • Size

    2.7MB

  • Sample

    250127-d666nsymhz

  • MD5

    e3f3260d08613288abd21348c5e6e970

  • SHA1

    fec8481f16dd025ff8d66d0b0392fb680e341312

  • SHA256

    c4de7d0caab6cd8104e6a6186d7ffa3f7798f9a3e9ca2c3d89c4b2865c8e0f62

  • SHA512

    ed4e5ada397fb69e307c63225ab71d684d0b8dd61713af24064dc2dfdbe9355b0d4cd6ed073de8f604d063d6bb4653ac74c1692a7702b1f467267f082ddb9bef

  • SSDEEP

    24576:0uV+mwEUlUypmcc+pqKGdfxPtUjK9jRsowJS58JiqIQ/0NBnxTTJ0+wwmIJjHUfQ:0uY320Z+lpQK960rhHmTsQ8MQCHM

Score
10/10
healerdefense_evasiondiscoverydropperevasiontrojan

Malware Config

Targets

    • Target

      c4de7d0caab6cd8104e6a6186d7ffa3f7798f9a3e9ca2c3d89c4b2865c8e0f62

    • Size

      2.7MB

    • MD5

      e3f3260d08613288abd21348c5e6e970

    • SHA1

      fec8481f16dd025ff8d66d0b0392fb680e341312

    • SHA256

      c4de7d0caab6cd8104e6a6186d7ffa3f7798f9a3e9ca2c3d89c4b2865c8e0f62

    • SHA512

      ed4e5ada397fb69e307c63225ab71d684d0b8dd61713af24064dc2dfdbe9355b0d4cd6ed073de8f604d063d6bb4653ac74c1692a7702b1f467267f082ddb9bef

    • SSDEEP

      24576:0uV+mwEUlUypmcc+pqKGdfxPtUjK9jRsowJS58JiqIQ/0NBnxTTJ0+wwmIJjHUfQ:0uY320Z+lpQK960rhHmTsQ8MQCHM

    Score
    10/10
    healerdefense_evasiondiscoverydropperevasiontrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Healer family

      healer

    • Modifies Windows Defender DisableAntiSpyware settings

      evasiontrojan

    • Modifies Windows Defender Real-time Protection settings

      defense_evasiontrojan

    • Modifies Windows Defender TamperProtection settings

      evasiontrojan

    • Modifies Windows Defender notification settings

      defense_evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      defense_evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      defense_evasion

    • Windows security modification

      defense_evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks