Overview

overview

10

Static

static

3

e41855bf16...b2.exe

windows7-x64

10

e41855bf16...b2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e41855bf1659ed54bf2e2617b5ee5eadbe2ce2e0640bd22567816a566629c6b2

  • Size

    1.0MB

  • Sample

    231011-k8k5jsfd52

  • MD5

    1764eeecfd4c3f8e357bf5c869047f5c

  • SHA1

    6d6acf6338a2adae15da9d31a21de659478853cf

  • SHA256

    d77c61e18c77518e629e4a210a6edece19607897dee628703521206c6a2f9a44

  • SHA512

    0e6c75c1326a584eec41c9e30c6769c6e3d1635ef4471e281fa8d82238a29548181433d4186b32859666110ed15c968a492aafb0b35e8e2723a8116f341c089c

  • SSDEEP

    24576:k/Bbyu+7q3rYkSi/VFh5YulCyJwy7pZ3zNaOZ0L:mYuCcjqu9JLDoa6

Score
10/10
healerdropperevasionpersistencetrojan

Malware Config

Targets

    • Target

      e41855bf1659ed54bf2e2617b5ee5eadbe2ce2e0640bd22567816a566629c6b2

    • Size

      1.0MB

    • MD5

      48fe3cc12c138ea6d1f139f618b7df47

    • SHA1

      0c228884a2a9abd5199e21d55bcb86af3d18d4f4

    • SHA256

      e41855bf1659ed54bf2e2617b5ee5eadbe2ce2e0640bd22567816a566629c6b2

    • SHA512

      e165953d4e8c0fbb6121c5c8ee7a00e5193bce15a0f5a7b1c4bc11eda7acaa305d990da589e04271ccd8a7376620bdce50253271c5adc7b5e190101f3e6255ef

    • SSDEEP

      24576:3y5TqjLY8S05OCxFxjYul2KLwytrZNRdSAh:ClGOCx4ulLfrwA

    Score
    10/10
    healerdropperevasionpersistencetrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks