General
Target: cc0185449d6082c0c977f4ed800635fc9109370e0830dd7eeb1e99bf394da15c
Size: 1.6MB
Sample: 250221-hrqbtswmcm
MD5: 05150a8e2a7b6a9561c2e62f62fdb03c
SHA1: 00eb2f783a0855f10e35a935bd5fde9a51802e63
SHA256: cc0185449d6082c0c977f4ed800635fc9109370e0830dd7eeb1e99bf394da15c
SHA512: 57c9faee2a231fc7054961c153f4d9c4816ae0a6bf9af2afc2c1e269128b2f2d97e31227663b39dd4460b0bbc0787008a4e1abb872f6826a5d0f17f0e2ecb13c
SSDEEP: 49152:m59Rs7lcOHqXQNjLXg2qYM3lmJkmzTOTNuPLdH/GSgd:y3UlcOiqNqYiZidfGSy
Static task: static1
Behavioral task: behavioral1
Sample: cc0185449d6082c0c977f4ed800635fc9109370e0830dd7eeb1e99bf394da15c.exe
Resource: win7-20241010-en
Malware Config
Targets
Target: cc0185449d6082c0c977f4ed800635fc9109370e0830dd7eeb1e99bf394da15c
- Detects Healer, an antivirus-disabler dropper
- Healer family
- Modifies Windows Defender Real-time Protection settings
- Modifies Windows Defender notification settings
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Windows security modification
- Suspicious use of NtSetInformationThreadHideFromDebugger: calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the calling thread from delivering debug events to an attached debugger, a standard anti-analysis technique.
MITRE ATT&CK Enterprise v15
Defense Evasion (the trailing number is the report's hit count for each technique)
- Impair Defenses (T1562): 5
- Disable or Modify Tools (T1562.001): 5
- Modify Registry (T1112): 5
- Virtualization/Sandbox Evasion (T1497): 2
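Every behaviour signature in this report except the NtSetInformationThread call is registry-observable: the Defender tampering is a handful of policy value writes, and the VirtualBox, BIOS and Wine checks are registry reads. The Python below is an added example, not part of this report and not the sandbox's own rule set; it triages Sysmon Event ID 13-style registry events against those signatures and tallies them by ATT&CK technique. The registry paths, the `Disable*` and `Notification_Suppress` value names, the rule-to-signature labels and the sample events are assumptions based on the documented Defender policy keys and common anti-VM checks, not values recovered from this sample.

```python
import re
from collections import Counter

# Constructed registry-event records (not from the sample): (operation, key/value path, data).
# Writes carry Sysmon-style "DWORD (0x00000001)" data; reads carry None.
# Caveat: Sysmon Event ID 13 only records value writes. The read events below are only
# visible through API-level monitoring (what a sandbox does) or a registry-audit SACL.
SAMPLE_EVENTS = [
    ("SetValue", r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring", "DWORD (0x00000001)"),
    ("SetValue", r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring", "DWORD (0x00000001)"),
    ("SetValue", r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\UX Configuration\Notification_Suppress", "DWORD (0x00000001)"),
    # Writing 0 re-enables protection; a detector that ignores the data field would flag this too.
    ("SetValue", r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection", "DWORD (0x00000000)"),
    ("QueryValue", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__", None),
    ("QueryValue", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion", None),
    ("OpenKey", r"HKCU\Software\Wine", None),
    ("QueryValue", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName", None),  # benign
]

# (path pattern, write-only rule, signature label as used in the report, ATT&CK technique)
# Paths and value names are assumptions, not the sandbox's rule definitions.
RULES = [
    (re.compile(r"\\Windows Defender\\Real-Time Protection\\Disable\w+$", re.I), True,
     "Modifies Windows Defender Real-time Protection settings", "T1562.001"),
    (re.compile(r"\\Windows Defender\\UX Configuration\\Notification_Suppress$"
                r"|\\Windows Defender Security Center\\Notifications\\DisableNotifications$", re.I), True,
     "Modifies Windows Defender notification settings", "T1562.001"),
    (re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I), False,
     "Identifies VirtualBox via ACPI registry values", "T1497"),
    (re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(System|Video)Bios(Version|Date)$", re.I), False,
     "Checks BIOS information in registry", "T1497"),
    (re.compile(r"\\Software\\Wine(\\|$)", re.I), False,
     "Identifies Wine through registry keys", "T1497"),
]

_DWORD = re.compile(r"DWORD \((0x[0-9a-f]+)\)", re.I)


def dword_value(data):
    """Parse the Sysmon-style 'DWORD (0x00000001)' data field; None if absent or not a DWORD."""
    if not data:
        return None
    m = _DWORD.match(data)
    return int(m.group(1), 16) if m else None


def classify(event):
    """Return (signature label, technique) for one event, or None if no rule fires."""
    op, path, data = event
    for pattern, write_only, label, technique in RULES:
        if not pattern.search(path):
            continue
        if write_only:
            # Only a write that turns the Disable*/Suppress switch ON is tampering;
            # a write of 0 restores protection and a read is just a query.
            if op != "SetValue" or dword_value(data) != 1:
                return None
            return (label, technique)
        # Fingerprinting rules fire on any access, reads included.
        return (label, technique)
    return None


def triage(events):
    """Ordered, de-duplicated list of (signature, technique) hits, as a report would list them."""
    hits = []
    for ev in events:
        hit = classify(ev)
        if hit and hit not in hits:
            hits.append(hit)
    return hits


def technique_counts(events):
    """Per-technique hit counts, the same shape as the ATT&CK section of the report."""
    counts = Counter()
    for ev in events:
        hit = classify(ev)
        if hit:
            counts[hit[1]] += 1
    return counts


if __name__ == "__main__":
    for label, technique in triage(SAMPLE_EVENTS):
        print(f"{technique}  {label}")
    print(dict(technique_counts(SAMPLE_EVENTS)))
```

The data-field check is the part worth keeping: a rule that only matches the key path will also fire on a cleanup script that writes `DisableRealtimeMonitoring = 0`, which is exactly the false positive a Defender-tamper alert should not raise.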