Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    z6363369.exe

  • Size

    217KB

  • Sample

    230904-bqck1scg71

  • MD5

    884c74eda7f42991a75d74315b27c27a

  • SHA1

    b9c9627bc3d7bd9d4448042598a32629ccee46bc

  • SHA256

    782f018f6a8e6dc1654feb37bf8c61c7d8603105cd80d3a04bf1133af6ceffc0

  • SHA512

    a4ecff115d0c47d7e346c1a0441ab98e3e0e80b51e771ff0e51791757154958ac01f5414fda2b21b0a430b063f42f546345e3a99c305e1cb26ed8de6e2f72eef

  • SSDEEP

    6144:KZy+bnr+vp0yN90QE91b8QS/7qt5rJHg:LMrvy9058xSm

Score
10/10
healerdropperevasionpersistencetrojan

Malware Config

Targets

    • Target

      z6363369.exe

    • Size

      217KB

    • MD5

      884c74eda7f42991a75d74315b27c27a

    • SHA1

      b9c9627bc3d7bd9d4448042598a32629ccee46bc

    • SHA256

      782f018f6a8e6dc1654feb37bf8c61c7d8603105cd80d3a04bf1133af6ceffc0

    • SHA512

      a4ecff115d0c47d7e346c1a0441ab98e3e0e80b51e771ff0e51791757154958ac01f5414fda2b21b0a430b063f42f546345e3a99c305e1cb26ed8de6e2f72eef

    • SSDEEP

      6144:KZy+bnr+vp0yN90QE91b8QS/7qt5rJHg:LMrvy9058xSm

    Score
    10/10
    healerdropperevasionpersistencetrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks