healer | c5b6ebfb8be419f8dd8d5f31bf40a0947dddf106964a43f1a2cc2d96d5832ac0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c5b6ebfb8be419f8dd8d5f31bf40a0947dddf106964a43f1a2cc2d96d5832ac0
Size

295KB
Sample

230716-j4vmraec8s
MD5

2193978240faf940c6a8a3ed4160a4b3
SHA1

70c51dabd7381fa59360f0109b83f4c3a77f3dfb
SHA256

c5b6ebfb8be419f8dd8d5f31bf40a0947dddf106964a43f1a2cc2d96d5832ac0
SHA512

b315aab8a5483765cbee3990cf6a4c2aeeddd1b58cb40947247cbd1546b3686c85f9a185d75c33a0d22647cc78dde77294e01bcbf3198db339837f58d3352ca7
SSDEEP

6144:DvMhsemFqxtlCNRCdypPxiK4fsWI43e5p+w01U1jEEQ6:whszR/mOiK4v3ensU1jEB

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  c5b6ebfb8be419f8dd8d5f31bf40a0947dddf106964a43f1a2cc2d96d5832ac0
- Size
  
  295KB
- MD5
  
  2193978240faf940c6a8a3ed4160a4b3
- SHA1
  
  70c51dabd7381fa59360f0109b83f4c3a77f3dfb
- SHA256
  
  c5b6ebfb8be419f8dd8d5f31bf40a0947dddf106964a43f1a2cc2d96d5832ac0
- SHA512
  
  b315aab8a5483765cbee3990cf6a4c2aeeddd1b58cb40947247cbd1546b3686c85f9a185d75c33a0d22647cc78dde77294e01bcbf3198db339837f58d3352ca7
- SSDEEP
  
  6144:DvMhsemFqxtlCNRCdypPxiK4fsWI43e5p+w01U1jEEQ6:whszR/mOiK4v3ensU1jEB
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security modification
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan