healer | 5b59b48f0a2ced9ede68f7a63000d78b0504da16801d0498728e033d3cd3c6d7 | Triage

Submit
Reports

Overview

overview

Static

static

3

5b59b48f0a...d7.exe

windows7-x64

5b59b48f0a...d7.exe

windows10-2004-x64

Sharing

General

Target

5b59b48f0a2ced9ede68f7a63000d78b0504da16801d0498728e033d3cd3c6d7
Size

282KB
Sample

240603-1w26asae7z
MD5

1874f89dbe2a3164c41df05b2a5e692e
SHA1

fa350e3d9c5f20f2397bd773109f2c9c13d0c1b9
SHA256

5b59b48f0a2ced9ede68f7a63000d78b0504da16801d0498728e033d3cd3c6d7
SHA512

2a9297bb25855073d7d7c1d0198adce40169f8203989a7e2e5a48573b35bb9354c59e6ba2cf64c44fd42790b30cab99f576c8894072de76fee7dcfd10a508a3a
SSDEEP

3072:1wgBVdMoVJuQDO11uUEPdNKT+s25XEdygR8LojR+2dzvPgOp95C6beNvxb:egdMCLSEPdN51EdytqzdzJS6beNv

Score

10^/10

healer dropper evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5b59b48f0a2ced9ede68f7a63000d78b0504da16801d0498728e033d3cd3c6d7.exe

Resource

win7-20240221-en

healer dropper evasion trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

5b59b48f0a2ced9ede68f7a63000d78b0504da16801d0498728e033d3cd3c6d7.exe

Resource

win10v2004-20240426-en

healer dropper evasion trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  5b59b48f0a2ced9ede68f7a63000d78b0504da16801d0498728e033d3cd3c6d7
- Size
  
  282KB
- MD5
  
  1874f89dbe2a3164c41df05b2a5e692e
- SHA1
  
  fa350e3d9c5f20f2397bd773109f2c9c13d0c1b9
- SHA256
  
  5b59b48f0a2ced9ede68f7a63000d78b0504da16801d0498728e033d3cd3c6d7
- SHA512
  
  2a9297bb25855073d7d7c1d0198adce40169f8203989a7e2e5a48573b35bb9354c59e6ba2cf64c44fd42790b30cab99f576c8894072de76fee7dcfd10a508a3a
- SSDEEP
  
  3072:1wgBVdMoVJuQDO11uUEPdNKT+s25XEdygR8LojR+2dzvPgOp95C6beNvxb:egdMCLSEPdN51EdytqzdzJS6beNv
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Detects executables embedding registry key / value combination indicative of disabling Windows Defender features
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan

behavioral2

healerdropperevasiontrojan

© 2018-2024

Terms | Privacy