Overview

overview

10

Static

static

3

0ab2031afe...ca.exe

windows7-x64

10

0ab2031afe...ca.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0ab2031afe0569fe4b704e6f05628cdf55ac397a69e9941daa1aa3c883f523ca

  • Size

    1.1MB

  • Sample

    231011-rgkg9seb34

  • MD5

    4618cdfbd86efc51a557033672e99aab

  • SHA1

    8314dc3f36a95a6bda7b7859ee328b7e5f5b165d

  • SHA256

    0ab2031afe0569fe4b704e6f05628cdf55ac397a69e9941daa1aa3c883f523ca

  • SHA512

    3ab89afe22444f0c206c6c3ff9cf72b32774547e3530fba01d75c63d72344b20ccdda0fc99d151a8667cfe86909f4b513ece3c81b946de361e1278ca39433326

  • SSDEEP

    24576:yyKlQnpGQKKxQd8rsWLshoFHJ0mvsCNztfS2B:ZKlQ0Ql7QUumvFx

Score
10/10
healerdropperevasionpersistencetrojan

Malware Config

Targets

    • Target

      0ab2031afe0569fe4b704e6f05628cdf55ac397a69e9941daa1aa3c883f523ca

    • Size

      1.1MB

    • MD5

      4618cdfbd86efc51a557033672e99aab

    • SHA1

      8314dc3f36a95a6bda7b7859ee328b7e5f5b165d

    • SHA256

      0ab2031afe0569fe4b704e6f05628cdf55ac397a69e9941daa1aa3c883f523ca

    • SHA512

      3ab89afe22444f0c206c6c3ff9cf72b32774547e3530fba01d75c63d72344b20ccdda0fc99d151a8667cfe86909f4b513ece3c81b946de361e1278ca39433326

    • SSDEEP

      24576:yyKlQnpGQKKxQd8rsWLshoFHJ0mvsCNztfS2B:ZKlQ0Ql7QUumvFx

    Score
    10/10
    healerdropperevasionpersistencetrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks