General
-
Target
bc1be22b8b101473892e7a52e65bc78ef1d577ca0741cce56c9c03bd28267dfa
-
Size
2.7MB
-
Sample
250127-gv9dfavlhv
-
MD5
328db831cb307dc6a98ff64d1304cb71
-
SHA1
bab5d62de29678af38142e84af4cf0f408c6b597
-
SHA256
bc1be22b8b101473892e7a52e65bc78ef1d577ca0741cce56c9c03bd28267dfa
-
SHA512
c2e9fb3e162493c7aff0bae925bc39cbf1a8d3de3311c5ef6b126efbffeb30e9177c3d1c7d6fd0a436b351c483a7e9c37fee389e69558c4bd1cd14cf24072cd9
-
SSDEEP
24576:3i1yk1wxDxSv9SJnnBQyVxUpp8XUluvQ/Fy8KaGUOv6EQPWdpm9fCCcn3gjdHyHh:3KSs0Opiw64DxACq3N9AyWUjazGibIr
Malware Config
Targets
-
-
Target
bc1be22b8b101473892e7a52e65bc78ef1d577ca0741cce56c9c03bd28267dfa
-
Size
2.7MB
-
MD5
328db831cb307dc6a98ff64d1304cb71
-
SHA1
bab5d62de29678af38142e84af4cf0f408c6b597
-
SHA256
bc1be22b8b101473892e7a52e65bc78ef1d577ca0741cce56c9c03bd28267dfa
-
SHA512
c2e9fb3e162493c7aff0bae925bc39cbf1a8d3de3311c5ef6b126efbffeb30e9177c3d1c7d6fd0a436b351c483a7e9c37fee389e69558c4bd1cd14cf24072cd9
-
SSDEEP
24576:3i1yk1wxDxSv9SJnnBQyVxUpp8XUluvQ/Fy8KaGUOv6EQPWdpm9fCCcn3gjdHyHh:3KSs0Opiw64DxACq3N9AyWUjazGibIr
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2