General
-
Target
c15efa58719df66a35d6cf3506636c68e4d4865b2df0140bdc38f178b9839049
-
Size
2.7MB
-
Sample
250211-lsgb4asqgy
-
MD5
ef478c7cb16a03c4372246cca76a0e71
-
SHA1
96a1b0dbe78b23b1dcfdb8f704e2faa0b7724ddb
-
SHA256
c15efa58719df66a35d6cf3506636c68e4d4865b2df0140bdc38f178b9839049
-
SHA512
372c103d929adf08e81a82b06a72aa529e987a37630a68ea84e28d57c38a5cb943cab739d95368c81dd33f04b84d5305d0dabed8126f9b67d8c96201a0d481fe
-
SSDEEP
49152:7Yu3L4rVXDc8Ggkw7sunCEcFpfpiBmWZeYB0C:7V3L4rVXDc8GgkN4cVuB/
Malware Config
Targets
-
-
Target
c15efa58719df66a35d6cf3506636c68e4d4865b2df0140bdc38f178b9839049
-
Size
2.7MB
-
MD5
ef478c7cb16a03c4372246cca76a0e71
-
SHA1
96a1b0dbe78b23b1dcfdb8f704e2faa0b7724ddb
-
SHA256
c15efa58719df66a35d6cf3506636c68e4d4865b2df0140bdc38f178b9839049
-
SHA512
372c103d929adf08e81a82b06a72aa529e987a37630a68ea84e28d57c38a5cb943cab739d95368c81dd33f04b84d5305d0dabed8126f9b67d8c96201a0d481fe
-
SSDEEP
49152:7Yu3L4rVXDc8Ggkw7sunCEcFpfpiBmWZeYB0C:7V3L4rVXDc8GgkN4cVuB/
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2