healer | 0cef7cf38508848f39dcbaa08fbae679f87a17a1337780f1c7f385e34b759b52 | Triage

Sharing

General

Target

k1011590exeexeexeexeexe.exe
Size

104KB
Sample

230711-wqmq7sad56
MD5

8b4f357bcd3a13fe9c41771d3505b217
SHA1

8534d233934b4e88b7d262555caabe1035dc7b11
SHA256

0cef7cf38508848f39dcbaa08fbae679f87a17a1337780f1c7f385e34b759b52
SHA512

845001f3abf499d9f999ffd3beed2313995d0f6f134bdf79a0ba88bb43e1f76e3ed0f8c19b7274061127962ccd172933309ed0a86d38b3da5bde1e3a7401c245
SSDEEP

3072:3FIBiqpSMYOgVd8bBZbQkL4d0VfJI/m3xfx:1QvoigfeZkU3

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  k1011590exeexeexeexeexe.exe
- Size
  
  104KB
- MD5
  
  8b4f357bcd3a13fe9c41771d3505b217
- SHA1
  
  8534d233934b4e88b7d262555caabe1035dc7b11
- SHA256
  
  0cef7cf38508848f39dcbaa08fbae679f87a17a1337780f1c7f385e34b759b52
- SHA512
  
  845001f3abf499d9f999ffd3beed2313995d0f6f134bdf79a0ba88bb43e1f76e3ed0f8c19b7274061127962ccd172933309ed0a86d38b3da5bde1e3a7401c245
- SSDEEP
  
  3072:3FIBiqpSMYOgVd8bBZbQkL4d0VfJI/m3xfx:1QvoigfeZkU3
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan

behavioral2

healerdropperevasiontrojan