Overview

overview

10

Static

static

3

4f69b5d1cf...d7.exe

windows7-x64

10

4f69b5d1cf...d7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4f69b5d1cff3192bd76f7c54861882346291f2a1a80d2d04ab3aae93e938d4d7

  • Size

    1.0MB

  • Sample

    231011-lb2lpsff85

  • MD5

    572755e3e78b1c046ba45c9c4bef6b1d

  • SHA1

    ac40f31a428da7c2e3a971bceb111b1c0019840f

  • SHA256

    4f69b5d1cff3192bd76f7c54861882346291f2a1a80d2d04ab3aae93e938d4d7

  • SHA512

    badac893360f68c5c609319f52fc683346823ff6a65c2a3532ac2ac67dfafbe702bf869587d220b72432680417147d45d54857c9302e6bf0cf5c84ddbbb749af

  • SSDEEP

    24576:tyYJQqY8/pcfWyd067QY5g8LkCKBRmrC1/mwmQtJTTij:IYiXWsE4g8LLKBRhMwz

Score
10/10
healerdropperevasionpersistencetrojan

Malware Config

Targets

    • Target

      4f69b5d1cff3192bd76f7c54861882346291f2a1a80d2d04ab3aae93e938d4d7

    • Size

      1.0MB

    • MD5

      572755e3e78b1c046ba45c9c4bef6b1d

    • SHA1

      ac40f31a428da7c2e3a971bceb111b1c0019840f

    • SHA256

      4f69b5d1cff3192bd76f7c54861882346291f2a1a80d2d04ab3aae93e938d4d7

    • SHA512

      badac893360f68c5c609319f52fc683346823ff6a65c2a3532ac2ac67dfafbe702bf869587d220b72432680417147d45d54857c9302e6bf0cf5c84ddbbb749af

    • SSDEEP

      24576:tyYJQqY8/pcfWyd067QY5g8LkCKBRmrC1/mwmQtJTTij:IYiXWsE4g8LLKBRhMwz

    Score
    10/10
    healerdropperevasionpersistencetrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks