healer | d21d973de818803caac8dd386c32a0f7b0443a2486f4dc4067bf7014c9be9ae8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d21d973de818803caac8dd386c32a0f7b0443a2486f4dc4067bf7014c9be9ae8
Size

147KB
Sample

230721-sk2fmafb57
MD5

dcfa74101376b10cb90a4c2ae3c08aef
SHA1

0046e7c72dd7cbfd45aaba32f8225563b322c176
SHA256

d21d973de818803caac8dd386c32a0f7b0443a2486f4dc4067bf7014c9be9ae8
SHA512

f75da2a4056cf4eb7221087a22d57ada3897287d7f9f1a82dd27cee983fc99ea705a6a1df687619ab7ebbbb364eb4baa0a506f827cda5f1e40605c4a3a4f1382
SSDEEP

3072:KlZ3TFfpCRzzwQjiRb5welYpK23rlx4cLXfHXW:er8LjiRVwz86rPXW

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  d21d973de818803caac8dd386c32a0f7b0443a2486f4dc4067bf7014c9be9ae8
- Size
  
  147KB
- MD5
  
  dcfa74101376b10cb90a4c2ae3c08aef
- SHA1
  
  0046e7c72dd7cbfd45aaba32f8225563b322c176
- SHA256
  
  d21d973de818803caac8dd386c32a0f7b0443a2486f4dc4067bf7014c9be9ae8
- SHA512
  
  f75da2a4056cf4eb7221087a22d57ada3897287d7f9f1a82dd27cee983fc99ea705a6a1df687619ab7ebbbb364eb4baa0a506f827cda5f1e40605c4a3a4f1382
- SSDEEP
  
  3072:KlZ3TFfpCRzzwQjiRb5welYpK23rlx4cLXfHXW:er8LjiRVwz86rPXW
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security modification
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan