healer | b6fab007c7f41318c3aed49580e0c2cba80f7c729afe08c61880e4076e42e007 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b6fab007c7f41318c3aed49580e0c2cba80f7c729afe08c61880e4076e42e007
Size

147KB
Sample

230719-thdr8ahf25
MD5

bc130892fec0ba30209e94d62a654f2e
SHA1

4008e000abe7dcabf0638e51a94c024b8681a2e1
SHA256

b6fab007c7f41318c3aed49580e0c2cba80f7c729afe08c61880e4076e42e007
SHA512

beb2251b1a1a38b9bbc559794f1cae938aaf9111e8fd0f4b888682c4a1455953449f6b0d48b8867b79d01d22023af5942bdaa4a16bb82b0067e5e0b3d5a2ee98
SSDEEP

3072:KlZ3TFfpCRzzwQjiRb5welYpK23rlx4cLXfHXW:er8LjiRVwz86rPXW

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  b6fab007c7f41318c3aed49580e0c2cba80f7c729afe08c61880e4076e42e007
- Size
  
  147KB
- MD5
  
  bc130892fec0ba30209e94d62a654f2e
- SHA1
  
  4008e000abe7dcabf0638e51a94c024b8681a2e1
- SHA256
  
  b6fab007c7f41318c3aed49580e0c2cba80f7c729afe08c61880e4076e42e007
- SHA512
  
  beb2251b1a1a38b9bbc559794f1cae938aaf9111e8fd0f4b888682c4a1455953449f6b0d48b8867b79d01d22023af5942bdaa4a16bb82b0067e5e0b3d5a2ee98
- SSDEEP
  
  3072:KlZ3TFfpCRzzwQjiRb5welYpK23rlx4cLXfHXW:er8LjiRVwz86rPXW
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security modification
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan