General
-
Target
42c08bb5a2af072377b23a18e65c889bebfebc54a255501462419b10e85091ce
-
Size
1.7MB
-
Sample
250216-2hnw7a1laj
-
MD5
aee0774a426291c29dc57e1dc6c24747
-
SHA1
91a5f32b1bc205bf517722a2bbb930d291c41eff
-
SHA256
42c08bb5a2af072377b23a18e65c889bebfebc54a255501462419b10e85091ce
-
SHA512
8f137c327342bfe87ce86aab7eab111b540c686e5869e5a15d4f3da07ee25f4a9c74d7565e91f0ccba4126937b62d298e9b92be5889bb71b1a54801311cd0e50
-
SSDEEP
49152://u2IL1SRAqkYoXav67KbEGcPQ1BpOGMN/AJL/zQdnB:/rgACovCKoGw8BpOGu/Ah/MdnB
Malware Config
Targets
-
-
Target
42c08bb5a2af072377b23a18e65c889bebfebc54a255501462419b10e85091ce
-
Size
1.7MB
-
MD5
aee0774a426291c29dc57e1dc6c24747
-
SHA1
91a5f32b1bc205bf517722a2bbb930d291c41eff
-
SHA256
42c08bb5a2af072377b23a18e65c889bebfebc54a255501462419b10e85091ce
-
SHA512
8f137c327342bfe87ce86aab7eab111b540c686e5869e5a15d4f3da07ee25f4a9c74d7565e91f0ccba4126937b62d298e9b92be5889bb71b1a54801311cd0e50
-
SSDEEP
49152://u2IL1SRAqkYoXav67KbEGcPQ1BpOGMN/AJL/zQdnB:/rgACovCKoGw8BpOGu/Ah/MdnB
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2