healer | 94f0dedd4d9a058dc5a5f91c374f2146b593f22a8a55e8f97cf1cf04a01cbdaa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

94f0dedd4d9a058dc5a5f91c374f2146b593f22a8a55e8f97cf1cf04a01cbdaa
Size

147KB
Sample

230721-hggxpsda81
MD5

dea603d02bd282e0ca74d9f4e02336a9
SHA1

fdb6a1b9cc6f8c211a0f26d39326c1676680003b
SHA256

94f0dedd4d9a058dc5a5f91c374f2146b593f22a8a55e8f97cf1cf04a01cbdaa
SHA512

c3dfffbdadba53af70b013a139344901682fc244cc40b8a0bca93702526de1aa09296c393f76dcd980b858811c9cdf59dd2e65c10b03ecb114da127879fcb4fe
SSDEEP

3072:KlZ3TFfpCRzzwQjiRb5welYpK23rlx4cLXfHXW:er8LjiRVwz86rPXW

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  94f0dedd4d9a058dc5a5f91c374f2146b593f22a8a55e8f97cf1cf04a01cbdaa
- Size
  
  147KB
- MD5
  
  dea603d02bd282e0ca74d9f4e02336a9
- SHA1
  
  fdb6a1b9cc6f8c211a0f26d39326c1676680003b
- SHA256
  
  94f0dedd4d9a058dc5a5f91c374f2146b593f22a8a55e8f97cf1cf04a01cbdaa
- SHA512
  
  c3dfffbdadba53af70b013a139344901682fc244cc40b8a0bca93702526de1aa09296c393f76dcd980b858811c9cdf59dd2e65c10b03ecb114da127879fcb4fe
- SSDEEP
  
  3072:KlZ3TFfpCRzzwQjiRb5welYpK23rlx4cLXfHXW:er8LjiRVwz86rPXW
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security modification
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan