Overview

overview

10

Static

static

3

0477084ff8...54.exe

windows10-2004-x64

10

0477084ff8...54.exe

windows11-21h2-x64

10

Resubmissions

17/04/2025, 18:24

250417-w12ywaznw7 10

17/04/2025, 16:55

250417-vffpgaxms7 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    21997981323.zip

  • Size

    1.7MB

  • Sample

    250417-w12ywaznw7

  • MD5

    5c28b865230811799f234fb65acb2f8c

  • SHA1

    d2da510a2a7f8291dd0aeadc8ce46cef74c35e49

  • SHA256

    ac30fb256eba54793a7b7c78e22bef60f92906ac70472125a12912abc9d0628f

  • SHA512

    d3693fac56978580f42752d388d8bdb3241e024142b48725ef6925924c7a237012c97cb494e2ced2c3c1f49edd12cd9c21f6c642e13373dead998bd66cd7838f

  • SSDEEP

    49152:viAIXUS7H3k+8/3/q4dQ+UXV+33BmscMV:viAIp7Xk+6PqCQ+gg3YUV

Score
10/10
healerdefense_evasiondiscoverydropperevasiontrojan

Malware Config

Targets

    • Target

      0477084ff821bcaedeb54e50af909ba33ed6a1c5fe711f44c3923753bbb47854

    • Size

      1.7MB

    • MD5

      f79b7b1e6fd2d4d9597af548188a29ae

    • SHA1

      b318a3b417fa61986633972a3e698f89274f4d66

    • SHA256

      0477084ff821bcaedeb54e50af909ba33ed6a1c5fe711f44c3923753bbb47854

    • SHA512

      59cee75a7e2d261865eebabe963a4579cc8112f369ef26bd450afe5f03c8f342630ebae29e6ab6186d9dce62547aa4c725cc83ed5b1214be611e3429b838a9eb

    • SSDEEP

      24576:j5HsEPnYzwo6DwZ3HJy+ugJiqW4OkS8yan/OOgO53SrEVRvv3aDNbVe7eC+MDRXN:VsleMZ3p6IShEgi6EfH3iulDRic

    Score
    10/10
    healerdefense_evasiondiscoverydropperevasiontrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Healer family

      healer

    • Modifies Windows Defender DisableAntiSpyware settings

      evasiontrojan

    • Modifies Windows Defender Real-time Protection settings

      defense_evasiontrojan

    • Modifies Windows Defender TamperProtection settings

      evasiontrojan

    • Modifies Windows Defender notification settings

      defense_evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      defense_evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      defense_evasion

    • Windows security modification

      defense_evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v16

Tasks