healer | 654ed92fb6755d8900f076587e1880f2f8d86c494f12bb1bc88551038b76013c | Triage

Submit
Reports

Overview

overview

Static

static

3

654ed92fb6...3c.exe

windows7-x64

654ed92fb6...3c.exe

windows10-2004-x64

Sharing

General

Target

654ed92fb6755d8900f076587e1880f2f8d86c494f12bb1bc88551038b76013c.exe
Size

178KB
Sample

241203-r8y5qszkgz
MD5

86471ed33e3837f7817dfb7d6a56de16
SHA1

2c148cffaa35615e04b61f61d0457d889bfd17af
SHA256

654ed92fb6755d8900f076587e1880f2f8d86c494f12bb1bc88551038b76013c
SHA512

ba5b6f3a5778eb46c8851edce9cb9492b9401dd018921dcd30f3a363cd86e8d8573460848ef4b3dbef584f5a83818cb54cb5df886eace2f2e70884da3316e8c4
SSDEEP

3072:pDKW1LgppLRHMY0TBfJvjcTp5XZpa8nqeo7Qbeues6Y5:pDKW1Lgbdl0TBBvjc/S81Suesb

Score

10^/10

healer discovery dropper evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

654ed92fb6755d8900f076587e1880f2f8d86c494f12bb1bc88551038b76013c.exe

Resource

win7-20241023-en

healer discovery dropper evasion trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

654ed92fb6755d8900f076587e1880f2f8d86c494f12bb1bc88551038b76013c.exe

Resource

win10v2004-20241007-en

healer discovery dropper evasion trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  654ed92fb6755d8900f076587e1880f2f8d86c494f12bb1bc88551038b76013c.exe
- Size
  
  178KB
- MD5
  
  86471ed33e3837f7817dfb7d6a56de16
- SHA1
  
  2c148cffaa35615e04b61f61d0457d889bfd17af
- SHA256
  
  654ed92fb6755d8900f076587e1880f2f8d86c494f12bb1bc88551038b76013c
- SHA512
  
  ba5b6f3a5778eb46c8851edce9cb9492b9401dd018921dcd30f3a363cd86e8d8573460848ef4b3dbef584f5a83818cb54cb5df886eace2f2e70884da3316e8c4
- SSDEEP
  
  3072:pDKW1LgppLRHMY0TBfJvjcTp5XZpa8nqeo7Qbeues6Y5:pDKW1Lgbdl0TBBvjc/S81Suesb
Score

10^/10

healer discovery dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdiscoverydropperevasiontrojan

behavioral2

healerdiscoverydropperevasiontrojan

© 2018-2024

Terms | Privacy