Overview

overview

10

Static

static

3

01cbb546ed...0a.exe

windows7-x64

10

01cbb546ed...0a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    01cbb546edbbf2f07c95b072826e1243baa3062126a5344486411ee9ab5e290a

  • Size

    1.1MB

  • Sample

    231011-q8tdtabc4w

  • MD5

    11f83175ec6575abd45436c7668c01bc

  • SHA1

    57f0e1b4781ba132de91e5576cd364d50f10bb3e

  • SHA256

    01cbb546edbbf2f07c95b072826e1243baa3062126a5344486411ee9ab5e290a

  • SHA512

    16f3258979e68384a2c54b81eec3a091c3b8845dff3b08c8e4a4f104c85821bf6865e2104d5357c69143a63929bc23123831c570ace1a770ca9d0c6f625db813

  • SSDEEP

    24576:pyhndiwDNEpl1e5cW33ARdhCg2i261WBu:cxQwupl1EcWnAfW61WB

Score
10/10
healerdropperevasionpersistencetrojan

Malware Config

Targets

    • Target

      01cbb546edbbf2f07c95b072826e1243baa3062126a5344486411ee9ab5e290a

    • Size

      1.1MB

    • MD5

      11f83175ec6575abd45436c7668c01bc

    • SHA1

      57f0e1b4781ba132de91e5576cd364d50f10bb3e

    • SHA256

      01cbb546edbbf2f07c95b072826e1243baa3062126a5344486411ee9ab5e290a

    • SHA512

      16f3258979e68384a2c54b81eec3a091c3b8845dff3b08c8e4a4f104c85821bf6865e2104d5357c69143a63929bc23123831c570ace1a770ca9d0c6f625db813

    • SSDEEP

      24576:pyhndiwDNEpl1e5cW33ARdhCg2i261WBu:cxQwupl1EcWnAfW61WB

    Score
    10/10
    healerdropperevasionpersistencetrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks