Overview

overview

10

Static

static

3

07dbf6e4de...d3.exe

windows7-x64

10

07dbf6e4de...d3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    07dbf6e4de39b6d802a27233a663f406a9eb4e1636be02887c15496848aae0d3

  • Size

    1.7MB

  • Sample

    250221-x1b8wsxqaw

  • MD5

    54e6077622a103e4941a9b1e6b3b8810

  • SHA1

    c5f93460a58f46fbe7acfaf1124febcd81f7bc6b

  • SHA256

    07dbf6e4de39b6d802a27233a663f406a9eb4e1636be02887c15496848aae0d3

  • SHA512

    b7b243272e9dc30d5cffd5f9b1a3345ff3684841651a3d438a3407b978cdce2db60ac2fc4b422564d296e3be8f12c9ceca2d4f2027c9fc68d6b25dad9bcac687

  • SSDEEP

    24576:0oQATV7lA5g2T6oVk8QZXADWIt4F3kn2+3dVHgM7S/sA+UNO:0oQSlATVK8aFk2+3dtgM7WLb

Score
10/10
healerdefense_evasiondiscoverydropperevasiontrojan

Malware Config

Targets

    • Target

      07dbf6e4de39b6d802a27233a663f406a9eb4e1636be02887c15496848aae0d3

    • Size

      1.7MB

    • MD5

      54e6077622a103e4941a9b1e6b3b8810

    • SHA1

      c5f93460a58f46fbe7acfaf1124febcd81f7bc6b

    • SHA256

      07dbf6e4de39b6d802a27233a663f406a9eb4e1636be02887c15496848aae0d3

    • SHA512

      b7b243272e9dc30d5cffd5f9b1a3345ff3684841651a3d438a3407b978cdce2db60ac2fc4b422564d296e3be8f12c9ceca2d4f2027c9fc68d6b25dad9bcac687

    • SSDEEP

      24576:0oQATV7lA5g2T6oVk8QZXADWIt4F3kn2+3dVHgM7S/sA+UNO:0oQSlATVK8aFk2+3dtgM7WLb

    Score
    10/10
    healerdefense_evasiondiscoverydropperevasiontrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Healer family

      healer

    • Modifies Windows Defender DisableAntiSpyware settings

      evasiontrojan

    • Modifies Windows Defender Real-time Protection settings

      defense_evasiontrojan

    • Modifies Windows Defender TamperProtection settings

      evasiontrojan

    • Modifies Windows Defender notification settings

      defense_evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      defense_evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      defense_evasion

    • Windows security modification

      defense_evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks