healer | e28b55b99058d54e2ee5c5bad306451f5193daedce9c521f0b383027e24d1df0 | Triage

Submit
Reports

Overview

overview

Static

static

3

e28b55b990...f0.exe

windows7-x64

e28b55b990...f0.exe

windows10-2004-x64

Sharing

General

Target

e28b55b99058d54e2ee5c5bad306451f5193daedce9c521f0b383027e24d1df0
Size

290KB
Sample

240323-at88qaba63
MD5

c1765d5d3b9e3bf4666711dd43635d52
SHA1

5c24abcdd166327ca4e32885a3f32ef2b3b3b435
SHA256

e28b55b99058d54e2ee5c5bad306451f5193daedce9c521f0b383027e24d1df0
SHA512

a83f4e6b0eadc09ec7cce77c4519b3565f9f59864143a156d2e33c1823b2a162b648da599924e8b2cc5a788b19c64dd09a986344dfa8a89cf192449f9f181372
SSDEEP

6144:5eW4bLFYh3MgISaxenPn0sRakduR4biNZil6e4UA:5e9hYhZa+P0WV83SlVA

Score

10^/10

healer dropper evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e28b55b99058d54e2ee5c5bad306451f5193daedce9c521f0b383027e24d1df0.exe

Resource

win7-20240221-en

healer dropper evasion trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

e28b55b99058d54e2ee5c5bad306451f5193daedce9c521f0b383027e24d1df0.exe

Resource

win10v2004-20240226-en

healer dropper evasion trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  e28b55b99058d54e2ee5c5bad306451f5193daedce9c521f0b383027e24d1df0
- Size
  
  290KB
- MD5
  
  c1765d5d3b9e3bf4666711dd43635d52
- SHA1
  
  5c24abcdd166327ca4e32885a3f32ef2b3b3b435
- SHA256
  
  e28b55b99058d54e2ee5c5bad306451f5193daedce9c521f0b383027e24d1df0
- SHA512
  
  a83f4e6b0eadc09ec7cce77c4519b3565f9f59864143a156d2e33c1823b2a162b648da599924e8b2cc5a788b19c64dd09a986344dfa8a89cf192449f9f181372
- SSDEEP
  
  6144:5eW4bLFYh3MgISaxenPn0sRakduR4biNZil6e4UA:5e9hYhZa+P0WV83SlVA
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Detects executables embedding registry key / value combination indicative of disabling Windows Defender features
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan

behavioral2

healerdropperevasiontrojan

© 2018-2025

Terms | Privacy