healer | 2a8a7cba3daed23bfa7d19f945a573ce1f3349a92aa181d52832734c537e0738 | Triage

Submit
Reports

Overview

overview

Static

static

3

b4d6e477b7...cs.exe

windows7-x64

b4d6e477b7...cs.exe

windows10-2004-x64

Sharing

General

Target

b4d6e477b79f203e9947ad396600cbe0_NeikiAnalytics
Size

181KB
Sample

240514-kww2aahh49
MD5

b4d6e477b79f203e9947ad396600cbe0
SHA1

14a248eaf8b06cc856ddede3ae368a6c56f5fd35
SHA256

2a8a7cba3daed23bfa7d19f945a573ce1f3349a92aa181d52832734c537e0738
SHA512

17795d091d34ca0d6ce115bf169c2024ba6f1c08559f6c1f545783649d0bf6bceaaf2fc0065ce865bf6aaff5ac53691f7e8b40d82e09ce94df3ad0e62d1e8c30
SSDEEP

3072:pDKW1LgppLRHMY0TBfJvjcTp5XZpa8nqeo7Qbeues6Y:pDKW1Lgbdl0TBBvjc/S81Sues

Score

10^/10

healer dropper evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b4d6e477b79f203e9947ad396600cbe0_NeikiAnalytics.exe

Resource

win7-20240221-en

healer dropper evasion trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

b4d6e477b79f203e9947ad396600cbe0_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

healer dropper evasion trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  b4d6e477b79f203e9947ad396600cbe0_NeikiAnalytics
- Size
  
  181KB
- MD5
  
  b4d6e477b79f203e9947ad396600cbe0
- SHA1
  
  14a248eaf8b06cc856ddede3ae368a6c56f5fd35
- SHA256
  
  2a8a7cba3daed23bfa7d19f945a573ce1f3349a92aa181d52832734c537e0738
- SHA512
  
  17795d091d34ca0d6ce115bf169c2024ba6f1c08559f6c1f545783649d0bf6bceaaf2fc0065ce865bf6aaff5ac53691f7e8b40d82e09ce94df3ad0e62d1e8c30
- SSDEEP
  
  3072:pDKW1LgppLRHMY0TBfJvjcTp5XZpa8nqeo7Qbeues6Y:pDKW1Lgbdl0TBBvjc/S81Sues
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan

behavioral2

healerdropperevasiontrojan

© 2018-2024

Terms | Privacy