healer

General

Target

file.exe
Size

1.7MB
Sample

250212-xdjz8asnan
MD5

589a1a0d3db857cf2c927aa89fe7efda
SHA1

e2d59fc1645fda7b5f3122700b4b99a528f0279b
SHA256

5cdc74788b116d5917b41954b06637a7b328a56da0bc1756623edb4afe3448f9
SHA512

1c4dc0594016b8da455d12eea7b836708bef535fb7b447801d0b2330acfe8b240f16bfc509161650d027ac86040cb7ed3ae44518d8254383f8a18212c57fbcc0
SSDEEP

49152:c3VXtir6I62+r+zUZtt+2LgS8CZ+rQlj5nxqD:WG2I6mUZtR0HCArc5nI

Score

10^/10

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  1.7MB
- MD5
  
  589a1a0d3db857cf2c927aa89fe7efda
- SHA1
  
  e2d59fc1645fda7b5f3122700b4b99a528f0279b
- SHA256
  
  5cdc74788b116d5917b41954b06637a7b328a56da0bc1756623edb4afe3448f9
- SHA512
  
  1c4dc0594016b8da455d12eea7b836708bef535fb7b447801d0b2330acfe8b240f16bfc509161650d027ac86040cb7ed3ae44518d8254383f8a18212c57fbcc0
- SSDEEP
  
  49152:c3VXtir6I62+r+zUZtt+2LgS8CZ+rQlj5nxqD:WG2I6mUZtR0HCArc5nI
Score

10^/10

healer defense_evasion discovery dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender DisableAntiSpyware settings
  evasion trojan
- Modifies Windows Defender Real-time Protection settings
  defense_evasion trojan
- Modifies Windows Defender TamperProtection settings
  evasion trojan
- Modifies Windows Defender notification settings
  defense_evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  defense_evasion
- Windows security modification
  defense_evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2