General
-
Target
file.exe
-
Size
2.6MB
-
Sample
250209-z4qlsssqdl
-
MD5
cbc887b616bbba978f3cbf29c97d8b81
-
SHA1
85e82285f948a1d4ef8a4cec06f966d50662ab64
-
SHA256
a8075ca402c83d948a5c49d83e7a037a4ab70bf077f15d40d5d69f7fba6295a3
-
SHA512
a424ce1c2436e346844e99bb9f374360ad3b2c89d0bc7bc3ed911586f9f97fa2ee5b2783c60758772ba2e510b77f0f12f166dc0f1035f0e51c802f2cf7e526fd
-
SSDEEP
49152:xO7LnzWR0IaY4vQvpi3AdbYqnKH/6Ag3U0AvFN4eh7F4qO:xO7LnzW+IaY4vQv0qnA/gqvLpO
Malware Config
Targets
-
-
Target
file.exe
-
Size
2.6MB
-
MD5
cbc887b616bbba978f3cbf29c97d8b81
-
SHA1
85e82285f948a1d4ef8a4cec06f966d50662ab64
-
SHA256
a8075ca402c83d948a5c49d83e7a037a4ab70bf077f15d40d5d69f7fba6295a3
-
SHA512
a424ce1c2436e346844e99bb9f374360ad3b2c89d0bc7bc3ed911586f9f97fa2ee5b2783c60758772ba2e510b77f0f12f166dc0f1035f0e51c802f2cf7e526fd
-
SSDEEP
49152:xO7LnzWR0IaY4vQvpi3AdbYqnKH/6Ag3U0AvFN4eh7F4qO:xO7LnzW+IaY4vQv0qnA/gqvLpO
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2