General
Target: c322772ac48dc13747c631dc69683e2a5553602867d666925ef1576d8d5303b6
Size: 2.6MB
Sample: 250127-dgmezaykel
MD5: c94f45035658d2fa43f42a47894f03f1
SHA1: 38b33c77cede958dab88ce83a773702cebcb605e
SHA256: c322772ac48dc13747c631dc69683e2a5553602867d666925ef1576d8d5303b6
SHA512: 1ed6151b9899d55a716f5c890b2375fc09913e9753a1c6631dd6e7249b5ddf15392132a504d926358ec53be3fc615f25d67044c9b759afbbc6bb6a3fb5ceee07
SSDEEP: 24576:zhPAnv//YK0OpaS7VPTbin5Pm8j+uyOO9fh19ap5S91/jNTc4BWBWjEI5U6jGaCS:donvIKxphYd7v5S9PTzBCWjEI5HRZ
Static task: static1
Behavioral task: behavioral1
Sample: c322772ac48dc13747c631dc69683e2a5553602867d666925ef1576d8d5303b6.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: c322772ac48dc13747c631dc69683e2a5553602867d666925ef1576d8d5303b6 (size and hashes as listed under General above)
Detects Healer, an antivirus disabler dropper
Healer family
Modifies Windows Defender Real-time Protection settings
Modifies Windows Defender notification settings
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Windows security modification
Suspicious use of NtSetInformationThreadHideFromDebugger
  Setting ThreadHideFromDebugger on a thread stops the kernel from delivering that thread's debug events to an attached debugger, a common anti-debugging step.
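The registry-based signatures above (Defender settings, VirtualBox ACPI tables, BIOS strings, Wine keys) can be reproduced as detection logic over a registry API trace. The following is an added example, not part of the sandbox report and not code from the Healer sample: it parses constructed trace lines in a simplified pid<TAB>operation<TAB>path[ = data] format (an assumption; real sandbox traces differ), matches the well-known registry locations each check touches, and rolls the matches up to the ATT&CK techniques the report lists. The trace lines, the line format and the function names are all constructed for illustration.

```python
"""
Added example (not from the sandbox report or the sample): classify constructed
registry API-trace lines into the behaviours the report flags.
Trace format is assumed: "<pid>\t<op>\t<path>[ = <data>]" with op one of
RegOpenKey / RegQueryValue / RegSetValue.
"""
import re
from collections import defaultdict

# (report signature label, ATT&CK techniques the report lists, ops it applies to, path pattern)
# Registry paths are the well-known locations each check reads or writes.
RULES = [
    ("Modifies Windows Defender Real-time Protection settings",
     ("T1562.001 Disable or Modify Tools", "T1112 Modify Registry"),
     {"RegSetValue"},
     re.compile(r"\\Windows Defender\\Real-Time Protection\\Disable\w+$", re.I)),
    ("Modifies Windows Defender notification settings",
     ("T1562.001 Disable or Modify Tools", "T1112 Modify Registry"),
     {"RegSetValue"},
     re.compile(r"\\Windows Defender Security Center\\Notifications\\DisableNotifications$", re.I)),
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     ("T1497 Virtualization/Sandbox Evasion",),
     {"RegOpenKey", "RegQueryValue"},
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     ("T1497 Virtualization/Sandbox Evasion",),
     {"RegQueryValue"},
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|SystemBiosDate|VideoBiosVersion|BIOS\\)", re.I)),
    ("Identifies Wine through registry keys",
     ("T1497 Virtualization/Sandbox Evasion",),
     {"RegOpenKey", "RegQueryValue"},
     re.compile(r"^HKCU\\Software\\Wine(\\|$)", re.I)),
]


def parse_event(line):
    """Parse one trace line into (pid, op, path, data); None if malformed."""
    parts = line.rstrip("\n").split("\t", 2)
    if len(parts) != 3:
        return None
    pid, op, rest = parts
    path, _, data = rest.partition(" = ")   # SetValue lines carry the written data
    return int(pid), op, path, data


def scan(lines):
    """Map each matched signature label to the registry paths that triggered it."""
    hits = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        _pid, op, path, _data = ev
        for label, _techs, ops, pattern in RULES:
            if op in ops and pattern.search(path):
                hits[label].append(path)
    return dict(hits)


def attack_techniques(hits):
    """Roll matched signatures up to the ATT&CK techniques, sorted, no duplicates."""
    return sorted({t for label, techs, _ops, _pat in RULES if label in hits for t in techs})


def behaviours(hits):
    """Coarse flags a triage analyst would key on: evasion checks and AV tampering."""
    evasion = {l for l, techs, _o, _p in RULES if "T1497 Virtualization/Sandbox Evasion" in techs}
    tamper = {l for l, techs, _o, _p in RULES if "T1562.001 Disable or Modify Tools" in techs}
    return {"sandbox_evasion": bool(evasion & hits.keys()),
            "defender_tampering": bool(tamper & hits.keys())}


# Constructed trace lines in the assumed format; not taken from the report.
SAMPLE_TRACE = [
    "1337\tRegOpenKey\tHKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__",
    "1337\tRegQueryValue\tHKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion",
    "1337\tRegOpenKey\tHKCU\\Software\\Wine",
    "1337\tRegSetValue\tHKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring = 1",
    "1337\tRegSetValue\tHKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\Notifications\\DisableNotifications = 1",
    "1337\tRegQueryValue\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Desktop",  # benign
]

if __name__ == "__main__":
    found = scan(SAMPLE_TRACE)
    for label, paths in found.items():
        print(f"[+] {label}")
        for p in paths:
            print(f"      {p}")
    print("ATT&CK:", ", ".join(attack_techniques(found)))
    print("Flags:", behaviours(found))
```

The ordering of the trace matters for an analyst: the evasion checks come first, and the Defender writes only follow once the sample has decided it is not being watched, which is why a sandbox that answers those checks convincingly sees the tampering at all.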
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses (5)
  Disable or Modify Tools (5)
Modify Registry (5)
Virtualization/Sandbox Evasion (2)