General
Target: 1f62e5d0bb992324c3ff3f8ca1adb37b682a6063f60db8a1cfc0ba98747bf122
Size: 2.7MB
Sample: 250127-eexnlazraj
MD5: 79e981d5ccd68b42e5326c712fe4edbb
SHA1: 25688cf563387d82603438f1ae38b3c6b628010f
SHA256: 1f62e5d0bb992324c3ff3f8ca1adb37b682a6063f60db8a1cfc0ba98747bf122
SHA512: c93a934ff80cc2f190aa5961d116bd384ba28b8608d4f7c562eb1131a6708e7615581f1d60209427aef7494eeead9dfa90b52cd57615fb9437b9c2ecf3787276
SSDEEP: 49152:XpDDrYKezPj23ewqyCkYFPKKduHJXWI5H:XpDDr1eLj2ZqyRYEKduHJ7
Static task: static1
Behavioral task: behavioral1
Sample: 1f62e5d0bb992324c3ff3f8ca1adb37b682a6063f60db8a1cfc0ba98747bf122.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: 1f62e5d0bb992324c3ff3f8ca1adb37b682a6063f60db8a1cfc0ba98747bf122
- Detects Healer, an antivirus disabler dropper
- Healer family
- Modifies Windows Defender Real-time Protection settings
- Modifies Windows Defender notification settings
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Windows security modification
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
Disable or Modify Tools (5)
Modify Registry (5)
Virtualization/Sandbox Evasion (5)
2