healer | f083e0adfc6196b5a9eff007132b1bbce34ff64ea672a9aebe64ed0bcf745421 | Triage

Sharing

General

Target

g6429604.exe
Size

242KB
Sample

230919-hnh4cahd99
MD5

8989f700c821326027fe2fe0f49e5377
SHA1

42caa5229b3098681604d0ef16959b4bf0bbb4c2
SHA256

f083e0adfc6196b5a9eff007132b1bbce34ff64ea672a9aebe64ed0bcf745421
SHA512

2405054d42419eacc4e4ee9630e80a146e3a359a22152ad7d49098aac72691b218db1c3085a3d4b5ac604ddc874bc8369719f8e0ad126f6b1c4abdcfcfb2e368
SSDEEP

3072:e2dG6IBtVVzkEmJth+9p1ORs+NJ2uvHJ5TMi473cceipyEAeAg0FujDm6fQhQTt6:eTvJm09zORs+z/TMify9DAOu+QaTT8/

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  g6429604.exe
- Size
  
  242KB
- MD5
  
  8989f700c821326027fe2fe0f49e5377
- SHA1
  
  42caa5229b3098681604d0ef16959b4bf0bbb4c2
- SHA256
  
  f083e0adfc6196b5a9eff007132b1bbce34ff64ea672a9aebe64ed0bcf745421
- SHA512
  
  2405054d42419eacc4e4ee9630e80a146e3a359a22152ad7d49098aac72691b218db1c3085a3d4b5ac604ddc874bc8369719f8e0ad126f6b1c4abdcfcfb2e368
- SSDEEP
  
  3072:e2dG6IBtVVzkEmJth+9p1ORs+NJ2uvHJ5TMi473cceipyEAeAg0FujDm6fQhQTt6:eTvJm09zORs+z/TMify9DAOu+QaTT8/
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan

behavioral2

healerdropperevasiontrojan