healer | 51a526999eec9ac9fc1a55f48e2eb6936c80bf130dfd8423b4d05b87fccb60b7 | Triage

Submit
Reports

Overview

overview

Static

static

1

51a526999e...b7.exe

windows7-x64

51a526999e...b7.exe

windows10-2004-x64

Sharing

General

Target

51a526999eec9ac9fc1a55f48e2eb6936c80bf130dfd8423b4d05b87fccb60b7
Size

121KB
Sample

250205-2zhfqsvmey
MD5

001a39ec1f3a1b62304d3c015d8c90c7
SHA1

226ff896916f352b108c2120dd94728ef42ef8df
SHA256

51a526999eec9ac9fc1a55f48e2eb6936c80bf130dfd8423b4d05b87fccb60b7
SHA512

2a0fe4ef1ac4049835aa2e22b0be68ae87ff5803867f7ecbf16433a1a55b6b26afe2dc8c397441fa80c9e44445da4793236e9bb82afaa4e8d1c57ee505ecccc9
SSDEEP

3072:h9QLdsON8xxwaTq29LzLAGtrLfWvX8oyhuWVFrag1shbortvx:3QLvN8VTjAGtoWVFmZhUrt

Score

10^/10

healer defense_evasion discovery dropper evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

51a526999eec9ac9fc1a55f48e2eb6936c80bf130dfd8423b4d05b87fccb60b7.exe

Resource

win7-20241010-en

healer defense_evasion discovery dropper evasion trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

51a526999eec9ac9fc1a55f48e2eb6936c80bf130dfd8423b4d05b87fccb60b7.exe

Resource

win10v2004-20250129-en

healer defense_evasion discovery dropper evasion trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  51a526999eec9ac9fc1a55f48e2eb6936c80bf130dfd8423b4d05b87fccb60b7
- Size
  
  121KB
- MD5
  
  001a39ec1f3a1b62304d3c015d8c90c7
- SHA1
  
  226ff896916f352b108c2120dd94728ef42ef8df
- SHA256
  
  51a526999eec9ac9fc1a55f48e2eb6936c80bf130dfd8423b4d05b87fccb60b7
- SHA512
  
  2a0fe4ef1ac4049835aa2e22b0be68ae87ff5803867f7ecbf16433a1a55b6b26afe2dc8c397441fa80c9e44445da4793236e9bb82afaa4e8d1c57ee505ecccc9
- SSDEEP
  
  3072:h9QLdsON8xxwaTq29LzLAGtrLfWvX8oyhuWVFrag1shbortvx:3QLvN8VTjAGtoWVFmZhUrt
Score

10^/10

healer defense_evasion discovery dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender DisableAntiSpyware settings
  evasion trojan
- Modifies Windows Defender Real-time Protection settings
  defense_evasion trojan
- Modifies Windows Defender TamperProtection settings
  evasion trojan
- Modifies Windows Defender notification settings
  defense_evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdefense_evasiondiscoverydropperevasiontrojan

behavioral2

healerdefense_evasiondiscoverydropperevasiontrojan

© 2018-2025

Terms | Privacy