General
- Target: 703ebaa220419d648ab6d7db27bfbac69ef9ba24b7e7b48f277cb09b02dff5a3
- Size: 2.7MB
- Sample: 250127-hgt72awld1
- MD5: 630794bd155a9bca05377c4a25c905fd
- SHA1: d863067472d1a5026c189f75e2cd9a6fba83af49
- SHA256: 703ebaa220419d648ab6d7db27bfbac69ef9ba24b7e7b48f277cb09b02dff5a3
- SHA512: 297daa3fd2714efbb945fec49fc5fa7ed88498ec0e25ff12be0fc1e05cbf420ba595e3a6fc7f8c5b7da4a7e3ec73bf28480e40458e5204fcb2479d909dab2400
- SSDEEP: 24576:0d2ozLa+n3cjt1Puy8a1RYtnMy932mnDO057a7pDB8+i41f+9yeYyW85l7Z/PY+x:YMd+uyhRyp8W8BY+eYlmQA4aKrCtzyx
Static task: static1
Behavioral task: behavioral1
- Sample: 703ebaa220419d648ab6d7db27bfbac69ef9ba24b7e7b48f277cb09b02dff5a3.exe
- Resource: win7-20240729-en
Malware Config
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- Modifies Windows Defender Real-time Protection settings
- Modifies Windows Defender notification settings
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Windows security modification
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
- Impair Defenses: Disable or Modify Tools
- Modify Registry
- Virtualization/Sandbox Evasion