General
-
Target
a0d18890f7e05b5e4ff57114ff35e412df39d1c08462343338f1688bed3951d6
-
Size
1.7MB
-
Sample
250221-smzptawlv7
-
MD5
a161fc5a3e13fa9020f47400b0a3b8ed
-
SHA1
505d5e94545347b1a5ff0377d782e28997a298e4
-
SHA256
a0d18890f7e05b5e4ff57114ff35e412df39d1c08462343338f1688bed3951d6
-
SHA512
c7460c98cc6bdd7c3b3e1ee91337437541d785c0520451e2b58f075caf0d9659e88d2c156f0fb889d72f70879c84fbba104b315db96402635f21e4ea5e538dc0
-
SSDEEP
49152:9EBhhsd40IJbTxieyZEdTzDpjp7uzH7n4Te45w3:9EVqIZkeiqLpjp7uT7doG
Malware Config
Targets
-
-
Target
a0d18890f7e05b5e4ff57114ff35e412df39d1c08462343338f1688bed3951d6
-
Size
1.7MB
-
MD5
a161fc5a3e13fa9020f47400b0a3b8ed
-
SHA1
505d5e94545347b1a5ff0377d782e28997a298e4
-
SHA256
a0d18890f7e05b5e4ff57114ff35e412df39d1c08462343338f1688bed3951d6
-
SHA512
c7460c98cc6bdd7c3b3e1ee91337437541d785c0520451e2b58f075caf0d9659e88d2c156f0fb889d72f70879c84fbba104b315db96402635f21e4ea5e538dc0
-
SSDEEP
49152:9EBhhsd40IJbTxieyZEdTzDpjp7uzH7n4Te45w3:9EVqIZkeiqLpjp7uT7doG
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2