healer | ec3a6e29f92fc7c90481d585229ed6a4ce28f0e97003b86439fbe3c53c1ada51 | Triage

Submit
Reports

Overview

overview

Static

static

3

random.exe

windows7-x64

random.exe

windows10-2004-x64

Sharing

General

Target

random.exe
Size

2.7MB
Sample

250207-sxlkyawndt
MD5

ea88f12c71ca738e6f60e6043009d593
SHA1

013daac987414de9ba077911bd465b48353253f0
SHA256

ec3a6e29f92fc7c90481d585229ed6a4ce28f0e97003b86439fbe3c53c1ada51
SHA512

f493c6a0ab0a1e7d8ffb071a241cc2113d312cd02064a590939cda4b8e82379142806caead7cd13f8d37b716f31f80466a8e96a523376f6743e10c87450b61e7
SSDEEP

49152:mog3vuykBOEik1ISz3SH8Pft/quUcrzlJSAj7n:jmvuyksEikV3zPQ03d

Score

10^/10

healer defense_evasion discovery dropper evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

random.exe

Resource

win7-20240903-en

healer defense_evasion discovery dropper evasion trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

random.exe

Resource

win10v2004-20250129-en

healer defense_evasion discovery dropper evasion trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  random.exe
- Size
  
  2.7MB
- MD5
  
  ea88f12c71ca738e6f60e6043009d593
- SHA1
  
  013daac987414de9ba077911bd465b48353253f0
- SHA256
  
  ec3a6e29f92fc7c90481d585229ed6a4ce28f0e97003b86439fbe3c53c1ada51
- SHA512
  
  f493c6a0ab0a1e7d8ffb071a241cc2113d312cd02064a590939cda4b8e82379142806caead7cd13f8d37b716f31f80466a8e96a523376f6743e10c87450b61e7
- SSDEEP
  
  49152:mog3vuykBOEik1ISz3SH8Pft/quUcrzlJSAj7n:jmvuyksEikV3zPQ03d
Score

10^/10

healer defense_evasion discovery dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender DisableAntiSpyware settings
  evasion trojan
- Modifies Windows Defender Real-time Protection settings
  defense_evasion trojan
- Modifies Windows Defender TamperProtection settings
  evasion trojan
- Modifies Windows Defender notification settings
  defense_evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  defense_evasion
- Windows security modification
  defense_evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdefense_evasiondiscoverydropperevasiontrojan

behavioral2

healerdefense_evasiondiscoverydropperevasiontrojan

© 2018-2025

Terms | Privacy