healer | 0acf6dc30535cf1ec098cda2a9d8e0687dd0a2852af3e685aac0e99182677259 | Triage

Submit
Reports

Overview

overview

Static

static

3

0acf6dc305...9N.exe

windows11-21h2-x64

Resubmissions

10-11-2024 17:00

241110-vhz6ws1fkc 10

10-11-2024 16:56

241110-vfsn2atqer 10

Sharing

General

Target

0acf6dc30535cf1ec098cda2a9d8e0687dd0a2852af3e685aac0e99182677259N
Size

405KB
Sample

241110-vhz6ws1fkc
MD5

c8fed0fa50014ddb18ad75f74d2e0e00
SHA1

c7ce6ef6413f991efa11284160e44067c7c19a3d
SHA256

0acf6dc30535cf1ec098cda2a9d8e0687dd0a2852af3e685aac0e99182677259
SHA512

0d3480d3d542f0d558f681c6d5127bdf2a94eaabc065c928ee21e0d8b26df5bbefc1b24fbf76cac3e3333f77cfbecec386976eea829dca2a1644b438b25e740b
SSDEEP

6144:6Sp0yN90QEilqnRgZqLtts1Pc9XuZm8yFwiqliBa+WytZuVrDrM:qy90cyKZqLt+16Xuew/i0egrXM

Score

10^/10

healer adware discovery dropper evasion persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0acf6dc30535cf1ec098cda2a9d8e0687dd0a2852af3e685aac0e99182677259N.exe

Resource

win11-20241007-en

healer adware discovery dropper evasion persistence stealer trojan

windows11-21h2-x64

25 signatures

1800 seconds

Malware Config

Targets

- Target
  
  0acf6dc30535cf1ec098cda2a9d8e0687dd0a2852af3e685aac0e99182677259N
- Size
  
  405KB
- MD5
  
  c8fed0fa50014ddb18ad75f74d2e0e00
- SHA1
  
  c7ce6ef6413f991efa11284160e44067c7c19a3d
- SHA256
  
  0acf6dc30535cf1ec098cda2a9d8e0687dd0a2852af3e685aac0e99182677259
- SHA512
  
  0d3480d3d542f0d558f681c6d5127bdf2a94eaabc065c928ee21e0d8b26df5bbefc1b24fbf76cac3e3333f77cfbecec386976eea829dca2a1644b438b25e740b
- SSDEEP
  
  6144:6Sp0yN90QEilqnRgZqLtts1Pc9XuZm8yFwiqliBa+WytZuVrDrM:qy90cyKZqLt+16Xuew/i0egrXM
Score

10^/10

healer adware discovery dropper evasion persistence stealer trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies Shared Task Scheduler registry keys
  persistence
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

healeradwarediscoverydropperevasionpersistencestealertrojan

© 2018-2024

Terms | Privacy