healer | 8203bbe81c23ed7c9ecb5479c1b9dc15ed12a9a68e6202fad6e9ff57c8f51b4c | Triage

Sharing

General

Target

8203bbe81c23ed7c9ecb5479c1b9dc15ed12a9a68e6202fad6e9ff57c8f51b4c
Size

147KB
Sample

230721-y2m78agh27
MD5

d5778e6eaec8dffc3d6abce4b017c864
SHA1

d43f30fa54ce2c32600d2bde7e5c8ab7fa024ada
SHA256

8203bbe81c23ed7c9ecb5479c1b9dc15ed12a9a68e6202fad6e9ff57c8f51b4c
SHA512

446b153c040242ee6deecd7f793e506b3101823a4dfcab08864cef5d9dfc48689daaed7ede85841c574db8fcf608b22621b41ee42108bc684ccb6d5bdaceac4a
SSDEEP

3072:KlZ3TFfpCRzzwQjiRb5welYpK23rlx4cLXfHXW:er8LjiRVwz86rPXW

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  8203bbe81c23ed7c9ecb5479c1b9dc15ed12a9a68e6202fad6e9ff57c8f51b4c
- Size
  
  147KB
- MD5
  
  d5778e6eaec8dffc3d6abce4b017c864
- SHA1
  
  d43f30fa54ce2c32600d2bde7e5c8ab7fa024ada
- SHA256
  
  8203bbe81c23ed7c9ecb5479c1b9dc15ed12a9a68e6202fad6e9ff57c8f51b4c
- SHA512
  
  446b153c040242ee6deecd7f793e506b3101823a4dfcab08864cef5d9dfc48689daaed7ede85841c574db8fcf608b22621b41ee42108bc684ccb6d5bdaceac4a
- SSDEEP
  
  3072:KlZ3TFfpCRzzwQjiRb5welYpK23rlx4cLXfHXW:er8LjiRVwz86rPXW
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security modification
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan