Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    g0103104.exe

  • Size

    236KB

  • Sample

    230919-hmcvyafd3t

  • MD5

    4453360a4d31d743e99701fe4bd7e4a7

  • SHA1

    02af3df690da8cf02ca9e54b1f038976f7063938

  • SHA256

    621e67654ebba1a6562be4cda0bcf6491b6da1b97385169609ce51d745389689

  • SHA512

    d9e26e972d829a24fbf3e825520ae2655b0d09aeb17c1a6155168e57206c9cc6af3500e6f1407ef782ce358fd82711b384714244cfa07b69116ead2015a9a2b9

  • SSDEEP

    6144:u1/jEZ2jicP5iOo2T8VrSd/sUAO62lx1Sa:u1/UqiG59ou02j1Sa

Score
10/10
healerdropperevasiontrojan

Malware Config

Targets

    • Target

      g0103104.exe

    • Size

      236KB

    • MD5

      4453360a4d31d743e99701fe4bd7e4a7

    • SHA1

      02af3df690da8cf02ca9e54b1f038976f7063938

    • SHA256

      621e67654ebba1a6562be4cda0bcf6491b6da1b97385169609ce51d745389689

    • SHA512

      d9e26e972d829a24fbf3e825520ae2655b0d09aeb17c1a6155168e57206c9cc6af3500e6f1407ef782ce358fd82711b384714244cfa07b69116ead2015a9a2b9

    • SSDEEP

      6144:u1/jEZ2jicP5iOo2T8VrSd/sUAO62lx1Sa:u1/UqiG59ou02j1Sa

    Score
    10/10
    healerdropperevasiontrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Modify Registry

1
T1112

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks