healer | de3020bfbacef9093491d81dbef175bf3c8835fe5f452dfd998b3a290f5b00f3 | Triage

Submit
Reports

Overview

overview

Static

static

3

de3020bfba...f3.exe

windows7-x64

de3020bfba...f3.exe

windows10-2004-x64

Sharing

General

Target

de3020bfbacef9093491d81dbef175bf3c8835fe5f452dfd998b3a290f5b00f3
Size

333KB
Sample

240322-bjkytaeb68
MD5

94de84ca6568d518cda4ede2da04fab6
SHA1

2fce7a9d15ba7d6592f62eca5a1c5e6dce08b76d
SHA256

de3020bfbacef9093491d81dbef175bf3c8835fe5f452dfd998b3a290f5b00f3
SHA512

9da40dcc0c76d26c45667cea3367bfcfa6703285806e62014e6bcd12b9aa660e57c447324841605bb3336e731a8d1617135d43ec69ed32ce25c6eee1b783f879
SSDEEP

6144:GeYLQbzpE0X9lbdWQMVioMHdkGIrBoTAj5hE:GeYsbzJ9lbYQJHd3Iqk9hE

Score

10^/10

healer dropper evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

de3020bfbacef9093491d81dbef175bf3c8835fe5f452dfd998b3a290f5b00f3.exe

Resource

win7-20240319-en

healer dropper evasion trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

de3020bfbacef9093491d81dbef175bf3c8835fe5f452dfd998b3a290f5b00f3.exe

Resource

win10v2004-20240226-en

healer dropper evasion trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  de3020bfbacef9093491d81dbef175bf3c8835fe5f452dfd998b3a290f5b00f3
- Size
  
  333KB
- MD5
  
  94de84ca6568d518cda4ede2da04fab6
- SHA1
  
  2fce7a9d15ba7d6592f62eca5a1c5e6dce08b76d
- SHA256
  
  de3020bfbacef9093491d81dbef175bf3c8835fe5f452dfd998b3a290f5b00f3
- SHA512
  
  9da40dcc0c76d26c45667cea3367bfcfa6703285806e62014e6bcd12b9aa660e57c447324841605bb3336e731a8d1617135d43ec69ed32ce25c6eee1b783f879
- SSDEEP
  
  6144:GeYLQbzpE0X9lbdWQMVioMHdkGIrBoTAj5hE:GeYsbzJ9lbYQJHd3Iqk9hE
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Detects executables embedding registry key / value combination indicative of disabling Windows Defender features
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan

behavioral2

healerdropperevasiontrojan

© 2018-2024

Terms | Privacy