General
-
Target
eaf481fbda61d8755de2ea0e60fcdcaf6a9d7be82ea966cc697940b6233930c3
-
Size
1.7MB
-
Sample
250214-qmkjsaxrgs
-
MD5
3328b6e3fd175e99d1eaad48dd15b265
-
SHA1
c1744a5117d5442128fe0c3133982c50dd0290e8
-
SHA256
eaf481fbda61d8755de2ea0e60fcdcaf6a9d7be82ea966cc697940b6233930c3
-
SHA512
477d9ad4193e2243271649bbdfb29cfd2564cf4bafc1b2564775a363cfc1bde1ca583a002007547f70d53e528f111a1d7a64291f4a4d23ce6f3eae76c9296a1a
-
SSDEEP
24576:W8QL0vPIP0x1FfxRuCgla5+/fQn5/mYdfXaGy/Z52iiD/YqsqQMbvCuK4UW:Ho0nIsxnglahmYdKf/0sUQMDIW
Malware Config
Targets
-
-
Target
eaf481fbda61d8755de2ea0e60fcdcaf6a9d7be82ea966cc697940b6233930c3
-
Size
1.7MB
-
MD5
3328b6e3fd175e99d1eaad48dd15b265
-
SHA1
c1744a5117d5442128fe0c3133982c50dd0290e8
-
SHA256
eaf481fbda61d8755de2ea0e60fcdcaf6a9d7be82ea966cc697940b6233930c3
-
SHA512
477d9ad4193e2243271649bbdfb29cfd2564cf4bafc1b2564775a363cfc1bde1ca583a002007547f70d53e528f111a1d7a64291f4a4d23ce6f3eae76c9296a1a
-
SSDEEP
24576:W8QL0vPIP0x1FfxRuCgla5+/fQn5/mYdfXaGy/Z52iiD/YqsqQMbvCuK4UW:Ho0nIsxnglahmYdKf/0sUQMDIW
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2