healer | f4cc85dca2d86c385d7fd844c48877bf0cfa110e20157648e9c0605ddfbfe838 | Triage

Submit
Reports

Overview

overview

Static

static

3

ce96f10727...0N.exe

windows10-2004-x64

Sharing

General

Target

ce96f10727de48594a78825da39b34f0N.exe
Size

410KB
Sample

240716-rb5w1syfpe
MD5

ce96f10727de48594a78825da39b34f0
SHA1

e6b96b479ef41c4938dc27be6b6702dd02556efb
SHA256

f4cc85dca2d86c385d7fd844c48877bf0cfa110e20157648e9c0605ddfbfe838
SHA512

8facc3269ea8261c79aa9eb8962dedc513047fe5e3f0ab8bda777d975d4ec304f8041b6115efe96bc32f7219e50725d5f72be36415eaf609f9c3ab771a2dda0f
SSDEEP

6144:F7p0yN90QEHe3WMGsXtK59epswqXQuIXI9OtSQ6lANCGsKLvQ9lyYpX:Iy90gGjsX+9UqXQuMRCGsKjSwM

Score

10^/10

healer dropper evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ce96f10727de48594a78825da39b34f0N.exe

Resource

win10v2004-20240709-en

healer dropper evasion persistence trojan

windows10-2004-x64

10 signatures

120 seconds

Malware Config

Targets

- Target
  
  ce96f10727de48594a78825da39b34f0N.exe
- Size
  
  410KB
- MD5
  
  ce96f10727de48594a78825da39b34f0
- SHA1
  
  e6b96b479ef41c4938dc27be6b6702dd02556efb
- SHA256
  
  f4cc85dca2d86c385d7fd844c48877bf0cfa110e20157648e9c0605ddfbfe838
- SHA512
  
  8facc3269ea8261c79aa9eb8962dedc513047fe5e3f0ab8bda777d975d4ec304f8041b6115efe96bc32f7219e50725d5f72be36415eaf609f9c3ab771a2dda0f
- SSDEEP
  
  6144:F7p0yN90QEHe3WMGsXtK59epswqXQuIXI9OtSQ6lANCGsKLvQ9lyYpX:Iy90gGjsX+9UqXQuMRCGsKjSwM
Score

10^/10

healer dropper evasion persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasionpersistencetrojan

© 2018-2024

Terms | Privacy