Overview

overview

10

Static

static

3

ce67a8c960...9d.exe

windows7-x64

10

ce67a8c960...9d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ce67a8c9601aa6b340570e398cc5f7450b995e5ad75d8058e02cdf245c31b39d

  • Size

    2.8MB

  • Sample

    250127-jy3feazpgr

  • MD5

    ce77cfc18cb68c73d9b0acc800a964b7

  • SHA1

    e613ac9a1322ad0457ee96832dcfc4c4a7c20366

  • SHA256

    ce67a8c9601aa6b340570e398cc5f7450b995e5ad75d8058e02cdf245c31b39d

  • SHA512

    b59381cca3c59a00196806dd7e1a5de626fc949acc06c33d7d2ab7c15d9dcdb0faf3b1374cb1951e834d5c342a33d67cd83a4ecf14cc40afee6ee9a23f08d668

  • SSDEEP

    49152:O9KwbSCjNfQ+816sU8JArD83EeGr7fZv8FqN3EL:MKwbSCjNfQ+81DXR3N0TxoqNw

Score
10/10
healerdefense_evasiondiscoverydropperevasiontrojan

Malware Config

Targets

    • Target

      ce67a8c9601aa6b340570e398cc5f7450b995e5ad75d8058e02cdf245c31b39d

    • Size

      2.8MB

    • MD5

      ce77cfc18cb68c73d9b0acc800a964b7

    • SHA1

      e613ac9a1322ad0457ee96832dcfc4c4a7c20366

    • SHA256

      ce67a8c9601aa6b340570e398cc5f7450b995e5ad75d8058e02cdf245c31b39d

    • SHA512

      b59381cca3c59a00196806dd7e1a5de626fc949acc06c33d7d2ab7c15d9dcdb0faf3b1374cb1951e834d5c342a33d67cd83a4ecf14cc40afee6ee9a23f08d668

    • SSDEEP

      49152:O9KwbSCjNfQ+816sU8JArD83EeGr7fZv8FqN3EL:MKwbSCjNfQ+81DXR3N0TxoqNw

    Score
    10/10
    healerdefense_evasiondiscoverydropperevasiontrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Healer family

      healer

    • Modifies Windows Defender DisableAntiSpyware settings

      evasiontrojan

    • Modifies Windows Defender Real-time Protection settings

      defense_evasiontrojan

    • Modifies Windows Defender TamperProtection settings

      evasiontrojan

    • Modifies Windows Defender notification settings

      defense_evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      defense_evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      defense_evasion

    • Windows security modification

      defense_evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks