healer | 27884f346de6e135ffc7559cc22ad9075e643996665dde4f6ad9b85d3bf049c7 | Triage

Sharing

General

Target

g4780743.exe
Size

236KB
Sample

230919-hncasshd96
MD5

35e9af813fed242aacb760b30ef4bc9b
SHA1

463fedc2556f79351422a4f35d5504ed05738f59
SHA256

27884f346de6e135ffc7559cc22ad9075e643996665dde4f6ad9b85d3bf049c7
SHA512

4c8538e180830b57e500f32e5d4416c4e5ae4c6442389c3578c60341a11df0bf61ef6499f0a9a473210f338c72101a285fa2c6b79b7c999944d26b970c3f7523
SSDEEP

6144:9aAjEK2jicP5iOo2T8VrSd/sUAO12l3Xt1Sa:9aAfqiG59oun2Zt1Sa

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  g4780743.exe
- Size
  
  236KB
- MD5
  
  35e9af813fed242aacb760b30ef4bc9b
- SHA1
  
  463fedc2556f79351422a4f35d5504ed05738f59
- SHA256
  
  27884f346de6e135ffc7559cc22ad9075e643996665dde4f6ad9b85d3bf049c7
- SHA512
  
  4c8538e180830b57e500f32e5d4416c4e5ae4c6442389c3578c60341a11df0bf61ef6499f0a9a473210f338c72101a285fa2c6b79b7c999944d26b970c3f7523
- SSDEEP
  
  6144:9aAjEK2jicP5iOo2T8VrSd/sUAO12l3Xt1Sa:9aAfqiG59oun2Zt1Sa
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

healerdropperevasiontrojan

behavioral2

healerdropperevasiontrojan