healer | e8df1172a0968bde0d5750f5867dc0519d8822a323b12b3093f01c816dfd3e6a | Triage

Submit
Reports

Overview

overview

Static

static

3

e8df1172a0...6a.exe

windows7-x64

e8df1172a0...6a.exe

windows10-2004-x64

Sharing

General

Target

e8df1172a0968bde0d5750f5867dc0519d8822a323b12b3093f01c816dfd3e6a.exe
Size

176KB
Sample

241119-rmmjtaxaqb
MD5

24b47949f50cb4edeef8fb463531dcba
SHA1

ee1d9c2f5d150cb8cf8f5fd978285f2fa1968c47
SHA256

e8df1172a0968bde0d5750f5867dc0519d8822a323b12b3093f01c816dfd3e6a
SHA512

d8aef83a66eac0a48c0fcd566d3bea62dba9c5975023b03d5f8d9ed2257e7bfced012e3e24ef98d6e1866bc39cad378769f2b987af1a46090d84061bc00e12ac
SSDEEP

3072:QDKW1LgppLRHMY0TBfJvjcTp5XUaeiDSP2R:QDKW1Lgbdl0TBBvjc/Tn2Pi

Score

10^/10

healer discovery dropper evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e8df1172a0968bde0d5750f5867dc0519d8822a323b12b3093f01c816dfd3e6a.exe

Resource

win7-20240903-en

healer discovery dropper evasion trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

e8df1172a0968bde0d5750f5867dc0519d8822a323b12b3093f01c816dfd3e6a.exe

Resource

win10v2004-20241007-en

healer discovery dropper evasion trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  e8df1172a0968bde0d5750f5867dc0519d8822a323b12b3093f01c816dfd3e6a.exe
- Size
  
  176KB
- MD5
  
  24b47949f50cb4edeef8fb463531dcba
- SHA1
  
  ee1d9c2f5d150cb8cf8f5fd978285f2fa1968c47
- SHA256
  
  e8df1172a0968bde0d5750f5867dc0519d8822a323b12b3093f01c816dfd3e6a
- SHA512
  
  d8aef83a66eac0a48c0fcd566d3bea62dba9c5975023b03d5f8d9ed2257e7bfced012e3e24ef98d6e1866bc39cad378769f2b987af1a46090d84061bc00e12ac
- SSDEEP
  
  3072:QDKW1LgppLRHMY0TBfJvjcTp5XUaeiDSP2R:QDKW1Lgbdl0TBBvjc/Tn2Pi
Score

10^/10

healer discovery dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdiscoverydropperevasiontrojan

behavioral2

healerdiscoverydropperevasiontrojan

© 2018-2025

Terms | Privacy