Overview

overview

10

Static

static

3

4922c24714...4a.exe

windows7-x64

10

4922c24714...4a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4922c24714e7c53277e075dfb8142672561900f67937ce5fb451d18110f4b34a

  • Size

    1.0MB

  • Sample

    231012-dbzhcade57

  • MD5

    57d3c4401d3486b76c0ecb4c2ad1082d

  • SHA1

    b60692c701b95bce619cdd9ae868cd46e37a2268

  • SHA256

    4922c24714e7c53277e075dfb8142672561900f67937ce5fb451d18110f4b34a

  • SHA512

    1da09f62f4ad6a4449e451cee34788361a156990972ef6764c2ca080ef8c7fe07f0ce5d710c47c687d10d365b7d6ecb099f0e3dc628ee546654070cbab347bac

  • SSDEEP

    24576:XyZjdiK4Qis65bdkqXsqiDs7/vpmzpz7koLgGfqli:i67Qis0baqXsqp7/vp27PgGil

Score
10/10
healerdropperevasionpersistencetrojan

Malware Config

Targets

    • Target

      4922c24714e7c53277e075dfb8142672561900f67937ce5fb451d18110f4b34a

    • Size

      1.0MB

    • MD5

      57d3c4401d3486b76c0ecb4c2ad1082d

    • SHA1

      b60692c701b95bce619cdd9ae868cd46e37a2268

    • SHA256

      4922c24714e7c53277e075dfb8142672561900f67937ce5fb451d18110f4b34a

    • SHA512

      1da09f62f4ad6a4449e451cee34788361a156990972ef6764c2ca080ef8c7fe07f0ce5d710c47c687d10d365b7d6ecb099f0e3dc628ee546654070cbab347bac

    • SSDEEP

      24576:XyZjdiK4Qis65bdkqXsqiDs7/vpmzpz7koLgGfqli:i67Qis0baqXsqp7/vp27PgGil

    Score
    10/10
    healerdropperevasionpersistencetrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks