healer | 5158a232d953ba32ce82499cdc54e8d7fd113b3672c9b9d82ee5df3f842eb410 | Triage

Sharing

General

Target

g6373050.exe
Size

236KB
Sample

230919-hmrdbshd76
MD5

9dc867c2adacdd76b2324bc47467f83c
SHA1

f3decfe079b8dc76d536de7ca9aeec2c0da18d72
SHA256

5158a232d953ba32ce82499cdc54e8d7fd113b3672c9b9d82ee5df3f842eb410
SHA512

0b7c0c7514e7468cf89e6492608ab2e24054c94ebc77fe571dba7c9aa612f82c3d5d0c3c62f1e9acbfd01229568b83847dd9ff331f618b7bb8cb89d3437aacff
SSDEEP

6144:EL0jE12jicP5iOo2T8VrSd/sUAOQ2lV1Sa:EL0cqiG59ou62f1Sa

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  g6373050.exe
- Size
  
  236KB
- MD5
  
  9dc867c2adacdd76b2324bc47467f83c
- SHA1
  
  f3decfe079b8dc76d536de7ca9aeec2c0da18d72
- SHA256
  
  5158a232d953ba32ce82499cdc54e8d7fd113b3672c9b9d82ee5df3f842eb410
- SHA512
  
  0b7c0c7514e7468cf89e6492608ab2e24054c94ebc77fe571dba7c9aa612f82c3d5d0c3c62f1e9acbfd01229568b83847dd9ff331f618b7bb8cb89d3437aacff
- SSDEEP
  
  6144:EL0jE12jicP5iOo2T8VrSd/sUAOQ2lV1Sa:EL0cqiG59ou62f1Sa
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

healerdropperevasiontrojan

behavioral2

healerdropperevasiontrojan