healer | 4cca68fe0b95cfb217d3c687c4e693de691b5da423cb3c23ba7ff455c74fe935 | Triage

Submit
Reports

Overview

overview

Static

static

3

4cca68fe0b...35.exe

windows7-x64

4cca68fe0b...35.exe

windows10-2004-x64

Sharing

General

Target

4cca68fe0b95cfb217d3c687c4e693de691b5da423cb3c23ba7ff455c74fe935
Size

312KB
Sample

240407-zn91haeb8z
MD5

1810fe54c876d6f48023f5d4dd7e1549
SHA1

e972b56a82be7c18bfc979aadc0e0358b850da8c
SHA256

4cca68fe0b95cfb217d3c687c4e693de691b5da423cb3c23ba7ff455c74fe935
SHA512

69cb48b343951861a7fc018f33ceda19a5147fa93e99ea42335a73c4cb5886d32fd4bf829bbd72230b907a58e2e274cdaf78007f344bfb20a46769bd32ff40ef
SSDEEP

3072:gX1HPDx94Bh8vTsSC1o2GmPje8y06aE9n3yc75m0A+gjsxP8TaCwPZD/jqgnyCNC:SrEBY61/Gmblm393yz+xP8U9y195aW

Score

10^/10

healer dropper evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4cca68fe0b95cfb217d3c687c4e693de691b5da423cb3c23ba7ff455c74fe935.exe

Resource

win7-20240221-en

healer dropper evasion trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

4cca68fe0b95cfb217d3c687c4e693de691b5da423cb3c23ba7ff455c74fe935.exe

Resource

win10v2004-20240226-en

healer dropper evasion trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  4cca68fe0b95cfb217d3c687c4e693de691b5da423cb3c23ba7ff455c74fe935
- Size
  
  312KB
- MD5
  
  1810fe54c876d6f48023f5d4dd7e1549
- SHA1
  
  e972b56a82be7c18bfc979aadc0e0358b850da8c
- SHA256
  
  4cca68fe0b95cfb217d3c687c4e693de691b5da423cb3c23ba7ff455c74fe935
- SHA512
  
  69cb48b343951861a7fc018f33ceda19a5147fa93e99ea42335a73c4cb5886d32fd4bf829bbd72230b907a58e2e274cdaf78007f344bfb20a46769bd32ff40ef
- SSDEEP
  
  3072:gX1HPDx94Bh8vTsSC1o2GmPje8y06aE9n3yc75m0A+gjsxP8TaCwPZD/jqgnyCNC:SrEBY61/Gmblm393yz+xP8U9y195aW
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Detects executables embedding registry key / value combination indicative of disabling Windows Defender features
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan

behavioral2

healerdropperevasiontrojan

© 2018-2024

Terms | Privacy