healer | a9045122e6ace54750a3cb417ecd9c9384bf2980f67e5b2c77086993494b6e26 | Triage

Sharing

General

Target

g3563689.exe
Size

242KB
Sample

230919-hmj91shd73
MD5

5deeb63413c6626d783613f12f852975
SHA1

75ae86c0a2c20175c37ada5c2a99cc33e9010d89
SHA256

a9045122e6ace54750a3cb417ecd9c9384bf2980f67e5b2c77086993494b6e26
SHA512

450e4d53a2e3a3fc8c1468564a29b7af6eb0aca2f459d495122a58ac1914c098b01a96395d42bcca34171af443ce1b5e18b6aeb4abfeaee6d2d2611359b3f528
SSDEEP

3072:a2FG6IBtVVzkEmJth+9p1ORs+NJ2uvHJ5TMi473cceipyEAeAg0FujDi6fQFgB8/:avvJm09zORs+z/TMify9DAOa+QO8/

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  g3563689.exe
- Size
  
  242KB
- MD5
  
  5deeb63413c6626d783613f12f852975
- SHA1
  
  75ae86c0a2c20175c37ada5c2a99cc33e9010d89
- SHA256
  
  a9045122e6ace54750a3cb417ecd9c9384bf2980f67e5b2c77086993494b6e26
- SHA512
  
  450e4d53a2e3a3fc8c1468564a29b7af6eb0aca2f459d495122a58ac1914c098b01a96395d42bcca34171af443ce1b5e18b6aeb4abfeaee6d2d2611359b3f528
- SSDEEP
  
  3072:a2FG6IBtVVzkEmJth+9p1ORs+NJ2uvHJ5TMi473cceipyEAeAg0FujDi6fQFgB8/:avvJm09zORs+z/TMify9DAOa+QO8/
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

healerdropperevasiontrojan

behavioral2

healerdropperevasiontrojan