healer | 66c7d1f2994cff9885d87349f6183439fdf0e40f1a67524ab54c4680d3ba4bac | Triage

Submit
Reports

Overview

overview

Static

static

3

66c7d1f299...ac.exe

windows10-2004-x64

Sharing

General

Target

66c7d1f2994cff9885d87349f6183439fdf0e40f1a67524ab54c4680d3ba4bac.exe
Size

338KB
Sample

241124-zm5dmavmen
MD5

491342491181a62ad4aef8c0c4f900b6
SHA1

b3219fa9fc5d71f32b074ece8f799be11e8c8d54
SHA256

66c7d1f2994cff9885d87349f6183439fdf0e40f1a67524ab54c4680d3ba4bac
SHA512

a1b6afad6604b46739227bcd112eac666b534bd26a521fd225688c15206b5e2d7b83dcfffdbdfd786b8a31ab1e9f2dce68aa65006066bfac09c23a3d81a5cf5d
SSDEEP

6144:Kzy+bnr++p0yN90QEt5pR3JNqXpmESRHQPgxS3AIgRfq8scWWbe9pDi:BMrOy90f5jsmtRwPgxS3lgRmx9i

Score

10^/10

healer discovery dropper evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

66c7d1f2994cff9885d87349f6183439fdf0e40f1a67524ab54c4680d3ba4bac.exe

Resource

win10v2004-20241007-en

healer discovery dropper evasion persistence trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  66c7d1f2994cff9885d87349f6183439fdf0e40f1a67524ab54c4680d3ba4bac.exe
- Size
  
  338KB
- MD5
  
  491342491181a62ad4aef8c0c4f900b6
- SHA1
  
  b3219fa9fc5d71f32b074ece8f799be11e8c8d54
- SHA256
  
  66c7d1f2994cff9885d87349f6183439fdf0e40f1a67524ab54c4680d3ba4bac
- SHA512
  
  a1b6afad6604b46739227bcd112eac666b534bd26a521fd225688c15206b5e2d7b83dcfffdbdfd786b8a31ab1e9f2dce68aa65006066bfac09c23a3d81a5cf5d
- SSDEEP
  
  6144:Kzy+bnr++p0yN90QEt5pR3JNqXpmESRHQPgxS3AIgRfq8scWWbe9pDi:BMrOy90f5jsmtRwPgxS3lgRmx9i
Score

10^/10

healer discovery dropper evasion persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdiscoverydropperevasionpersistencetrojan

© 2018-2025

Terms | Privacy