healer | 528e8dac4ff0df3930ec8dd8f75750fafac01769bf06730646fc3a0e83a336aa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

528e8dac4ff0df3930ec8dd8f75750fafac01769bf06730646fc3a0e83a336aa
Size

147KB
Sample

230721-gkzq9acb89
MD5

04209204ada6b65e4f032daa160338f0
SHA1

30915d8ea64105fe439028850905bd903e0a46a1
SHA256

528e8dac4ff0df3930ec8dd8f75750fafac01769bf06730646fc3a0e83a336aa
SHA512

c09e4d5a0327a66ab900c5a46122e258c20eca8b34c2cfa001397a80104cb5902810e5560b887145ca337dc2f906259f9c400bd0a98bf68ef689212d856453fd
SSDEEP

3072:KlZ3TFfpCRzzwQjiRb5welYpK23rlx4cLXfHXW:er8LjiRVwz86rPXW

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  528e8dac4ff0df3930ec8dd8f75750fafac01769bf06730646fc3a0e83a336aa
- Size
  
  147KB
- MD5
  
  04209204ada6b65e4f032daa160338f0
- SHA1
  
  30915d8ea64105fe439028850905bd903e0a46a1
- SHA256
  
  528e8dac4ff0df3930ec8dd8f75750fafac01769bf06730646fc3a0e83a336aa
- SHA512
  
  c09e4d5a0327a66ab900c5a46122e258c20eca8b34c2cfa001397a80104cb5902810e5560b887145ca337dc2f906259f9c400bd0a98bf68ef689212d856453fd
- SSDEEP
  
  3072:KlZ3TFfpCRzzwQjiRb5welYpK23rlx4cLXfHXW:er8LjiRVwz86rPXW
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security modification
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan