healer | 155e2d08a4f23810a4d7784bac7dc2c42ed5242757b685f27c8ff8143a2ed562 | Triage

Submit
Reports

Overview

overview

Static

static

3

random.exe

windows10-2004-x64

random.exe

windows7-x64

Sharing

General

Target

random.exe
Size

2.7MB
Sample

250201-y5lhsszqfr
MD5

b371d530e55c6193d9a67acacfa95ce0
SHA1

6596c107a265b42bb6f3d6679f2addbf63a1d8d3
SHA256

155e2d08a4f23810a4d7784bac7dc2c42ed5242757b685f27c8ff8143a2ed562
SHA512

68d2c89f6c97eda5603b80c2221c9879c142d951af95289466928b0f92b172d8c76be8f8565fd46276cc6425dcdf4acbe064714b06f1b5424d274e9972e2c456
SSDEEP

49152:VHuFGX3r8WlKQQSG7ZHvYJT5UNIV/YLgGc9:VOFGX3r8WlK5z7JYJT5vYLA

Score

10^/10

healer defense_evasion discovery dropper evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

random.exe

Resource

win10v2004-20250129-en

healer defense_evasion discovery dropper evasion trojan

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

random.exe

Resource

win7-20240903-en

healer defense_evasion discovery dropper evasion trojan

windows7-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  random.exe
- Size
  
  2.7MB
- MD5
  
  b371d530e55c6193d9a67acacfa95ce0
- SHA1
  
  6596c107a265b42bb6f3d6679f2addbf63a1d8d3
- SHA256
  
  155e2d08a4f23810a4d7784bac7dc2c42ed5242757b685f27c8ff8143a2ed562
- SHA512
  
  68d2c89f6c97eda5603b80c2221c9879c142d951af95289466928b0f92b172d8c76be8f8565fd46276cc6425dcdf4acbe064714b06f1b5424d274e9972e2c456
- SSDEEP
  
  49152:VHuFGX3r8WlKQQSG7ZHvYJT5UNIV/YLgGc9:VOFGX3r8WlK5z7JYJT5vYLA
Score

10^/10

healer defense_evasion discovery dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender DisableAntiSpyware settings
  evasion trojan
- Modifies Windows Defender Real-time Protection settings
  defense_evasion trojan
- Modifies Windows Defender TamperProtection settings
  evasion trojan
- Modifies Windows Defender notification settings
  defense_evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  defense_evasion
- Windows security modification
  defense_evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdefense_evasiondiscoverydropperevasiontrojan

behavioral2

healerdefense_evasiondiscoverydropperevasiontrojan

© 2018-2025

Terms | Privacy