General
Target: b9ac47fd146519acc297e66c5c3d45b885e5624663df09b351ee85d7c85b872d
Size: 1.7MB
Sample: 250325-m2fbtsvwas
MD5: d272bfd094e904fc41fb120391b83f1f
SHA1: d82d317977621f7d6615020faca6f3dec44a7ac1
SHA256: b9ac47fd146519acc297e66c5c3d45b885e5624663df09b351ee85d7c85b872d
SHA512: 3113015b2df6970f28f77ea0d6d61fce8abe78313f375a1224f107266d4ebd2a224261486bb7b8167cccf95b999631bbac5e8426bad917291b18fe3be106f13f
SSDEEP: 49152:NCUnX/h8spVFXd/xoecMl2i2bARxV8PzAe+N:NlVpPdieCWRxyzA
Static task: static1
Behavioral task: behavioral1
Sample: b9ac47fd146519acc297e66c5c3d45b885e5624663df09b351ee85d7c85b872d.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: b9ac47fd146519acc297e66c5c3d45b885e5624663df09b351ee85d7c85b872d
- Detects Healer, an antivirus disabler dropper
- Healer family
- Modifies Windows Defender Real-time Protection settings
- Modifies Windows Defender notification settings
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in the registry. BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Windows security modification
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
- Impair Defenses
  - Disable or Modify Tools (5)
- Modify Registry (5)
- Virtualization/Sandbox Evasion (5)