healer | b1f4801cf9033987a2e212ce20fa18963f4778e116d7f3ca0612991aa7f7e3b1 | Triage

Sharing

General

Target

392febb1bcb51ffd4a9019f2aa7fba82.exe
Size

530KB
Sample

230712-hnmrjadc7v
MD5

392febb1bcb51ffd4a9019f2aa7fba82
SHA1

e9ad51d6043f0ccc93829e084f3e9440d6317a38
SHA256

b1f4801cf9033987a2e212ce20fa18963f4778e116d7f3ca0612991aa7f7e3b1
SHA512

604f67d12926fd55413908b4c0524321001c29ee7bd700bef49e2dbb78ffcc072621fb57310b256a9cd83df9d4133c2313c35fd8fa6344b71bc781b51e9b454d
SSDEEP

12288:FiICSVtg0wBW3iFt4ONq30/4St2NBd0JoLdaoi9Bbk:FBbVTb34k30/8dRi9

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  392febb1bcb51ffd4a9019f2aa7fba82.exe
- Size
  
  530KB
- MD5
  
  392febb1bcb51ffd4a9019f2aa7fba82
- SHA1
  
  e9ad51d6043f0ccc93829e084f3e9440d6317a38
- SHA256
  
  b1f4801cf9033987a2e212ce20fa18963f4778e116d7f3ca0612991aa7f7e3b1
- SHA512
  
  604f67d12926fd55413908b4c0524321001c29ee7bd700bef49e2dbb78ffcc072621fb57310b256a9cd83df9d4133c2313c35fd8fa6344b71bc781b51e9b454d
- SSDEEP
  
  12288:FiICSVtg0wBW3iFt4ONq30/4St2NBd0JoLdaoi9Bbk:FBbVTb34k30/8dRi9
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan

behavioral2

healerdropperevasiontrojan