healer | 11b9dcedc4fc0bb7b618728ceb74948b5e28f7d17097a354d0e5098f39bc0451 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

11b9dcedc4fc0bb7b618728ceb74948b5e28f7d17097a354d0e5098f39bc0451
Size

294KB
Sample

230715-lmvbrsac6t
MD5

2294592b99296f2cb07136f82f813079
SHA1

65b52f89c994ac5cf7047ffee71e03b188b5188b
SHA256

11b9dcedc4fc0bb7b618728ceb74948b5e28f7d17097a354d0e5098f39bc0451
SHA512

0136d2603a72461debe179a2ebfca59d03b74c327e200c9ce8baaeb7fba568bae6e4fb2ad56f114900b9754b7ffb4f74581ae5e38d65a606048139c18eb4bc7f
SSDEEP

6144:9bflGmFaxvLdItzPSqgGYSTRYbK4lIwcdrMm7RD4ai59biKvQP/mc:9bflLTbpxCK4l7srMm+R59biKvQW

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  11b9dcedc4fc0bb7b618728ceb74948b5e28f7d17097a354d0e5098f39bc0451
- Size
  
  294KB
- MD5
  
  2294592b99296f2cb07136f82f813079
- SHA1
  
  65b52f89c994ac5cf7047ffee71e03b188b5188b
- SHA256
  
  11b9dcedc4fc0bb7b618728ceb74948b5e28f7d17097a354d0e5098f39bc0451
- SHA512
  
  0136d2603a72461debe179a2ebfca59d03b74c327e200c9ce8baaeb7fba568bae6e4fb2ad56f114900b9754b7ffb4f74581ae5e38d65a606048139c18eb4bc7f
- SSDEEP
  
  6144:9bflGmFaxvLdItzPSqgGYSTRYbK4lIwcdrMm7RD4ai59biKvQP/mc:9bflLTbpxCK4l7srMm+R59biKvQW
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security modification
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan