healer | 40e31ff37267b644f9c69c7dda5e1fad3e9f45fe3afb6b27fc284e6df2274ee4 | Triage

Submit
Reports

Overview

overview

Static

static

3

NEAS.e0da7...40.exe

windows7-x64

NEAS.e0da7...40.exe

windows10-2004-x64

Sharing

General

Target

NEAS.e0da7ed93e63d80657a0787ccd039540.exe
Size

221KB
Sample

231105-lbwepadf7v
MD5

e0da7ed93e63d80657a0787ccd039540
SHA1

347cc142eff2380b64373d97ae793d68cbcefd5a
SHA256

40e31ff37267b644f9c69c7dda5e1fad3e9f45fe3afb6b27fc284e6df2274ee4
SHA512

8afab7f81f27a46aca87e0b7827d80d923e0f9132cad0612fa4aa2167d2b58c386fc229290750306f54f7c525155e62d57fcc5033f408b9fb7d5aa61e297d8bc
SSDEEP

6144:3t2PgXzDwghkRrup9xbzAOfNf0HoJqeaJF4S:3djDwAfzZNcHoGF4S

Score

10^/10

healer dropper evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NEAS.e0da7ed93e63d80657a0787ccd039540.exe

Resource

win7-20231020-en

healer dropper evasion trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.e0da7ed93e63d80657a0787ccd039540.exe

Resource

win10v2004-20231025-en

healer dropper evasion trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.e0da7ed93e63d80657a0787ccd039540.exe
- Size
  
  221KB
- MD5
  
  e0da7ed93e63d80657a0787ccd039540
- SHA1
  
  347cc142eff2380b64373d97ae793d68cbcefd5a
- SHA256
  
  40e31ff37267b644f9c69c7dda5e1fad3e9f45fe3afb6b27fc284e6df2274ee4
- SHA512
  
  8afab7f81f27a46aca87e0b7827d80d923e0f9132cad0612fa4aa2167d2b58c386fc229290750306f54f7c525155e62d57fcc5033f408b9fb7d5aa61e297d8bc
- SSDEEP
  
  6144:3t2PgXzDwghkRrup9xbzAOfNf0HoJqeaJF4S:3djDwAfzZNcHoGF4S
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan

behavioral2

healerdropperevasiontrojan

© 2018-2025

Terms | Privacy