healer | 2f587191e89b78e30307e3d1c06e7fc8abcda40f2bbea21bb522c5c9dd07a8f6 | Triage

Sharing

General

Target

g3089245.exe
Size

242KB
Sample

230919-hm6g9ahd89
MD5

d1139a672dbbf2080d65e428ab2a5e89
SHA1

ba26ec755852555edba81f15f9937884666845c5
SHA256

2f587191e89b78e30307e3d1c06e7fc8abcda40f2bbea21bb522c5c9dd07a8f6
SHA512

5d9b0361549f6cc589dd9de63ed7af83b1a434524ff66cec60d6414d2fe3153f879f7a43d364e71fce933da89617d550d4b3858d48c2f19418f1db74809d52ca
SSDEEP

3072:e2NG6IBtVVzkEmJth+9p1ORs+NJ2uvHJ5TMi473cceipyEAeAg0FujD26fQUl3BQ:eDvJm09zORs+z/TMify9DAOu+QQR8/

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  g3089245.exe
- Size
  
  242KB
- MD5
  
  d1139a672dbbf2080d65e428ab2a5e89
- SHA1
  
  ba26ec755852555edba81f15f9937884666845c5
- SHA256
  
  2f587191e89b78e30307e3d1c06e7fc8abcda40f2bbea21bb522c5c9dd07a8f6
- SHA512
  
  5d9b0361549f6cc589dd9de63ed7af83b1a434524ff66cec60d6414d2fe3153f879f7a43d364e71fce933da89617d550d4b3858d48c2f19418f1db74809d52ca
- SSDEEP
  
  3072:e2NG6IBtVVzkEmJth+9p1ORs+NJ2uvHJ5TMi473cceipyEAeAg0FujD26fQUl3BQ:eDvJm09zORs+z/TMify9DAOu+QQR8/
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

healerdropperevasiontrojan

behavioral2

healerdropperevasiontrojan