healer

General

Target

def.exe
Size

2.7MB
Sample

250126-q2h99stqgp
MD5

f9c67f7876b530b350f0dd57dd80384e
SHA1

8df2553d31068af330f4e7089509c070dca7e0a8
SHA256

0e920db1f5eaf43156ede85ef3ca0ae46f9a25c7535bb64ac8059a7f4437ddd8
SHA512

ddbfc6a5237aa6004d3c266fd7a481f6512b6fed134411497cc2c02a7658b44c2f7ea6c2c44047f2ed5a7c855f32abdb8df13bd5f234fa8eac760b3dae4ef24e
SSDEEP

49152:ksENCpSggcIqDwFdgVX/S/JYh2ZlPSN3SiL4jp/OIP+pC:npSggcIqDwFdgVa/iWp/p

Score

10^/10

Malware Config

Targets

- Target
  
  def.exe
- Size
  
  2.7MB
- MD5
  
  f9c67f7876b530b350f0dd57dd80384e
- SHA1
  
  8df2553d31068af330f4e7089509c070dca7e0a8
- SHA256
  
  0e920db1f5eaf43156ede85ef3ca0ae46f9a25c7535bb64ac8059a7f4437ddd8
- SHA512
  
  ddbfc6a5237aa6004d3c266fd7a481f6512b6fed134411497cc2c02a7658b44c2f7ea6c2c44047f2ed5a7c855f32abdb8df13bd5f234fa8eac760b3dae4ef24e
- SSDEEP
  
  49152:ksENCpSggcIqDwFdgVX/S/JYh2ZlPSN3SiL4jp/OIP+pC:npSggcIqDwFdgVa/iWp/p
Score

10^/10

healer defense_evasion discovery dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender DisableAntiSpyware settings
  evasion trojan
- Modifies Windows Defender Real-time Protection settings
  defense_evasion trojan
- Modifies Windows Defender TamperProtection settings
  evasion trojan
- Modifies Windows Defender notification settings
  defense_evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  defense_evasion
- Windows security modification
  defense_evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2