healer | c81a490140560f8ed8b3de6085bbf12a4e7656d151d7561c1df026076eaba7b6 | Triage

Sharing

General

Target

c81a490140560f8ed8b3de6085bbf12a4e7656d151d7561c1df026076eaba7b6
Size

147KB
Sample

230720-r4xq4shf71
MD5

2aae2be9ca2318233a79a7af71e03abd
SHA1

961d5ec3192a26abe32d2f885f27e8059ba15564
SHA256

c81a490140560f8ed8b3de6085bbf12a4e7656d151d7561c1df026076eaba7b6
SHA512

a8dc3fd8868d5b432cc1264dc788b13dd62fbe5bf8f342e1d7a52db279e98adcbc0a6ef6b58975cc25ffa70a953e46e87750c1606986c8a38e0c7e6b84f10f20
SSDEEP

3072:KlZ3TFfpCRzzwQjiRb5welYpK23rlx4cLXfHXW:er8LjiRVwz86rPXW

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  c81a490140560f8ed8b3de6085bbf12a4e7656d151d7561c1df026076eaba7b6
- Size
  
  147KB
- MD5
  
  2aae2be9ca2318233a79a7af71e03abd
- SHA1
  
  961d5ec3192a26abe32d2f885f27e8059ba15564
- SHA256
  
  c81a490140560f8ed8b3de6085bbf12a4e7656d151d7561c1df026076eaba7b6
- SHA512
  
  a8dc3fd8868d5b432cc1264dc788b13dd62fbe5bf8f342e1d7a52db279e98adcbc0a6ef6b58975cc25ffa70a953e46e87750c1606986c8a38e0c7e6b84f10f20
- SSDEEP
  
  3072:KlZ3TFfpCRzzwQjiRb5welYpK23rlx4cLXfHXW:er8LjiRVwz86rPXW
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security modification
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan