General
-
Target
bb4de0026ea6e47aaad4ec608d3735215040835ac1ff58e7cc250122c49caf02
-
Size
1.7MB
-
Sample
250324-js7g6sxk17
-
MD5
6d5b4a126cf77fbf990fd610ee6609fe
-
SHA1
0e322e0225cd38fe1255dfc369c8f543a10343ed
-
SHA256
bb4de0026ea6e47aaad4ec608d3735215040835ac1ff58e7cc250122c49caf02
-
SHA512
e3e76e94c75d50098ec3d3be89b89868b5d0a4a747e2d0a3d9f6239fb1c28f0721f88eacdf4d3d11ce01ea286d5af5c45ab3d9ac2d1e4822bd73841a0a1f00c6
-
SSDEEP
49152:9lb1/gJ+lrWb6UPrNqN70U3yGwd27EoYof:PbZgJ+Z3gy7UGU27EWf
Malware Config
Targets
-
-
Target
bb4de0026ea6e47aaad4ec608d3735215040835ac1ff58e7cc250122c49caf02
-
Size
1.7MB
-
MD5
6d5b4a126cf77fbf990fd610ee6609fe
-
SHA1
0e322e0225cd38fe1255dfc369c8f543a10343ed
-
SHA256
bb4de0026ea6e47aaad4ec608d3735215040835ac1ff58e7cc250122c49caf02
-
SHA512
e3e76e94c75d50098ec3d3be89b89868b5d0a4a747e2d0a3d9f6239fb1c28f0721f88eacdf4d3d11ce01ea286d5af5c45ab3d9ac2d1e4822bd73841a0a1f00c6
-
SSDEEP
49152:9lb1/gJ+lrWb6UPrNqN70U3yGwd27EoYof:PbZgJ+Z3gy7UGU27EWf
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender DisableAntiSpyware settings
-
Modifies Windows Defender Real-time Protection settings
-
Modifies Windows Defender TamperProtection settings
-
Modifies Windows Defender notification settings
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Windows security modification
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
5Virtualization/Sandbox Evasion
2