healer

General

Target

4b7c38444829d6855d48a61e2080b8c9379e8cbbeafce33e8eff4e943c84510b
Size

1.7MB
Sample

250219-m6a8ns1my7
MD5

3963185d1d34d5c0a6fc71d671b27be0
SHA1

18fc3d60fe60bb7f89e24b24a852d28cbfb39470
SHA256

4b7c38444829d6855d48a61e2080b8c9379e8cbbeafce33e8eff4e943c84510b
SHA512

a17784c52456b2a911a3523628092aa6b941e1af3ea2f880039c336605bd5993ebae10fdc42920c70034e1a42a4add80d1cb8e4e3f4c2ae11e9cb4cf4890b9fa
SSDEEP

49152:ylfz25BSakGGAjdgg14NeQO53o44Rsrv/B7:y9z2fSakM/1kvO53F4u3

Score

10^/10

Malware Config

Targets

- Target
  
  4b7c38444829d6855d48a61e2080b8c9379e8cbbeafce33e8eff4e943c84510b
- Size
  
  1.7MB
- MD5
  
  3963185d1d34d5c0a6fc71d671b27be0
- SHA1
  
  18fc3d60fe60bb7f89e24b24a852d28cbfb39470
- SHA256
  
  4b7c38444829d6855d48a61e2080b8c9379e8cbbeafce33e8eff4e943c84510b
- SHA512
  
  a17784c52456b2a911a3523628092aa6b941e1af3ea2f880039c336605bd5993ebae10fdc42920c70034e1a42a4add80d1cb8e4e3f4c2ae11e9cb4cf4890b9fa
- SSDEEP
  
  49152:ylfz25BSakGGAjdgg14NeQO53o44Rsrv/B7:y9z2fSakM/1kvO53F4u3
Score

10^/10

healer defense_evasion discovery dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender DisableAntiSpyware settings
  evasion trojan
- Modifies Windows Defender Real-time Protection settings
  defense_evasion trojan
- Modifies Windows Defender TamperProtection settings
  evasion trojan
- Modifies Windows Defender notification settings
  defense_evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  defense_evasion
- Windows security modification
  defense_evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2