healer | b0d8ea8a7c583f4fac9a2640c5ee92698ccc03594a82266a915b2592f31647ab | Triage

Sharing

General

Target

b0d8ea8a7c583f4fac9a2640c5ee92698ccc03594a82266a915b2592f31647ab
Size

147KB
Sample

230721-2splgahe9z
MD5

e85022943579ce47b46d61abd939a2b0
SHA1

0416b8f36cdf2f7ceeed331726e11cf48713e93f
SHA256

b0d8ea8a7c583f4fac9a2640c5ee92698ccc03594a82266a915b2592f31647ab
SHA512

206f59a7891683b0be08645098275614eb9db8d9b91b7c8d793adcb70a12fb9ede6f66f099ba22685b6171095178708cbe45bc6ae19ed249ffdef74ca71cb659
SSDEEP

3072:KlZ3TFfpCRzzwQjiRb5welYpK23rlx4cLXfHXW:er8LjiRVwz86rPXW

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  b0d8ea8a7c583f4fac9a2640c5ee92698ccc03594a82266a915b2592f31647ab
- Size
  
  147KB
- MD5
  
  e85022943579ce47b46d61abd939a2b0
- SHA1
  
  0416b8f36cdf2f7ceeed331726e11cf48713e93f
- SHA256
  
  b0d8ea8a7c583f4fac9a2640c5ee92698ccc03594a82266a915b2592f31647ab
- SHA512
  
  206f59a7891683b0be08645098275614eb9db8d9b91b7c8d793adcb70a12fb9ede6f66f099ba22685b6171095178708cbe45bc6ae19ed249ffdef74ca71cb659
- SSDEEP
  
  3072:KlZ3TFfpCRzzwQjiRb5welYpK23rlx4cLXfHXW:er8LjiRVwz86rPXW
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security modification
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan