healer | 1e1ef8c72cac3656673574b60a8a20b960936d65a7d3a1756aa6654b08cb9e91 | Triage

Sharing

General

Target

1e1ef8c72cac3656673574b60a8a20b960936d65a7d3a1756aa6654b08cb9e91
Size

147KB
Sample

230720-xqvbqaaf81
MD5

80c51a4d0215cac0c13a591fefd82c57
SHA1

d71161d56ab6c9b00978e5a526a2f7f738cbb1e0
SHA256

1e1ef8c72cac3656673574b60a8a20b960936d65a7d3a1756aa6654b08cb9e91
SHA512

fe0fbfcf09bc9d5f8bba5fad6283a45805254ddd4772cf493e937d5364c4f01f51ec59276cd52b6c84e3829eb9e206cf5f5e58dd4b070a0535e12e595cf5f8d2
SSDEEP

3072:KlZ3TFfpCRzzwQjiRb5welYpK23rlx4cLXfHXW:er8LjiRVwz86rPXW

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  1e1ef8c72cac3656673574b60a8a20b960936d65a7d3a1756aa6654b08cb9e91
- Size
  
  147KB
- MD5
  
  80c51a4d0215cac0c13a591fefd82c57
- SHA1
  
  d71161d56ab6c9b00978e5a526a2f7f738cbb1e0
- SHA256
  
  1e1ef8c72cac3656673574b60a8a20b960936d65a7d3a1756aa6654b08cb9e91
- SHA512
  
  fe0fbfcf09bc9d5f8bba5fad6283a45805254ddd4772cf493e937d5364c4f01f51ec59276cd52b6c84e3829eb9e206cf5f5e58dd4b070a0535e12e595cf5f8d2
- SSDEEP
  
  3072:KlZ3TFfpCRzzwQjiRb5welYpK23rlx4cLXfHXW:er8LjiRVwz86rPXW
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security modification
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan