General
- Target: dc7357c2bf77d42ecced323217883dfff8023ebb28db757f71787f3d80fd543b
- Size: 2.6MB
- Sample: 250207-gnbtla1nbv
- MD5: 7be529f1e016608b5241fb204ba64f65
- SHA1: d25c89e30b541ea5e77c128b2dcba31e5639c5a5
- SHA256: dc7357c2bf77d42ecced323217883dfff8023ebb28db757f71787f3d80fd543b
- SHA512: cfdada4067aef667210b9be6524040c649e54ac2ecb251191ee406f992fdf17ab62b146fe3114ee50e6bd5400739873086d5fcff52e1b4297e8302d5549b1a6e
- SSDEEP: 49152:pD8EZH5qh0qjPJC0Iq4B5SgTuD2J62ghUhF4W:F8oZqh0qbJb426uK7oUhO
Static task: static1
Behavioral task: behavioral1
Sample: dc7357c2bf77d42ecced323217883dfff8023ebb28db757f71787f3d80fd543b.exe
Resource: win7-20240903-en
Malware Config
Targets
- Target: dc7357c2bf77d42ecced323217883dfff8023ebb28db757f71787f3d80fd543b
- Size: 2.6MB
- MD5: 7be529f1e016608b5241fb204ba64f65
- SHA1: d25c89e30b541ea5e77c128b2dcba31e5639c5a5
- SHA256: dc7357c2bf77d42ecced323217883dfff8023ebb28db757f71787f3d80fd543b
- SHA512: cfdada4067aef667210b9be6524040c649e54ac2ecb251191ee406f992fdf17ab62b146fe3114ee50e6bd5400739873086d5fcff52e1b4297e8302d5549b1a6e
- SSDEEP: 49152:pD8EZH5qh0qjPJC0Iq4B5SgTuD2J62ghUhF4W:F8oZqh0qbJb426uK7oUhO
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- Modifies Windows Defender Real-time Protection settings
- Modifies Windows Defender notification settings
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Windows security modification
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
- Defense Evasion
  - Impair Defenses: Disable or Modify Tools
  - Modify Registry
  - Virtualization/Sandbox Evasion