General
-
Target
379bc2b253b076ddea3c0fb445c5e14d0e81cf71938ff987c563e7ce3d9529ea
-
Size
1.7MB
-
Sample
250222-pwnr5ayjv5
-
MD5
217a98f1a57beeff7e46b4fc1b1cf884
-
SHA1
8cde6fa2f1956b49c33b41051bc52de4bfdd2bea
-
SHA256
379bc2b253b076ddea3c0fb445c5e14d0e81cf71938ff987c563e7ce3d9529ea
-
SHA512
fa0ed69b3e002f0cc48cc16e04b507dc5d01e62ebc413158437f2d336999eb7755d709430db34b80b406fa1a8637416bf03d6ee12348123decd048429e02bb97
-
SSDEEP
49152:aHC/4LC+LqynfVXG59Fxbefz/EFpcPUz:aJL5LjfxG5DpC/ac4
Malware Config
Targets
-
-
Target
379bc2b253b076ddea3c0fb445c5e14d0e81cf71938ff987c563e7ce3d9529ea
-
Size
1.7MB
-
MD5
217a98f1a57beeff7e46b4fc1b1cf884
-
SHA1
8cde6fa2f1956b49c33b41051bc52de4bfdd2bea
-
SHA256
379bc2b253b076ddea3c0fb445c5e14d0e81cf71938ff987c563e7ce3d9529ea
-
SHA512
fa0ed69b3e002f0cc48cc16e04b507dc5d01e62ebc413158437f2d336999eb7755d709430db34b80b406fa1a8637416bf03d6ee12348123decd048429e02bb97
-
SSDEEP
49152:aHC/4LC+LqynfVXG59Fxbefz/EFpcPUz:aJL5LjfxG5DpC/ac4
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2