General
-
Target
6d93a1037ececdb66cf6895a1b41d66791b2ff2972052721ed6a254d34ff0199
-
Size
1.7MB
-
Sample
250221-n7ah7s1mdw
-
MD5
5da7db3a3b6bbd4210e279dd4b6be960
-
SHA1
771c7c6ca54d30303661ab4dd27971e8fae33add
-
SHA256
6d93a1037ececdb66cf6895a1b41d66791b2ff2972052721ed6a254d34ff0199
-
SHA512
32ad2f3bc2d6fb287021aa4088a9be79b2a62ac647ef90b9fe30bb73a4b726859735f45ce433fb1c59544d86ccfe6f22b2f249e000d02703cb97af832184ccc2
-
SSDEEP
49152:RRqJ8m+pix62gyyFSAVqz0cR+3IIVv9l9Cz1xo:RRQEiM2jeVqYs+4Inl9CJ
Malware Config
Targets
-
-
Target
6d93a1037ececdb66cf6895a1b41d66791b2ff2972052721ed6a254d34ff0199
-
Size
1.7MB
-
MD5
5da7db3a3b6bbd4210e279dd4b6be960
-
SHA1
771c7c6ca54d30303661ab4dd27971e8fae33add
-
SHA256
6d93a1037ececdb66cf6895a1b41d66791b2ff2972052721ed6a254d34ff0199
-
SHA512
32ad2f3bc2d6fb287021aa4088a9be79b2a62ac647ef90b9fe30bb73a4b726859735f45ce433fb1c59544d86ccfe6f22b2f249e000d02703cb97af832184ccc2
-
SSDEEP
49152:RRqJ8m+pix62gyyFSAVqz0cR+3IIVv9l9Cz1xo:RRQEiM2jeVqYs+4Inl9CJ
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2