healer | 85c512fbf6bdc46b301a7fca81c9d0b9c420ba21078befeec31d6061b7c1590b | Triage

Sharing

General

Target

g2204807.exe
Size

236KB
Sample

230919-hnqheshe25
MD5

bd7db8b543d1b8d37a380bace855e6f1
SHA1

6bb4a5230f3038cfc4414e36175e399df0123568
SHA256

85c512fbf6bdc46b301a7fca81c9d0b9c420ba21078befeec31d6061b7c1590b
SHA512

bd3d7ddfdefbb677e43fcc87b00f265c9a0cade8aa2f39d40eedb272586e2291c28d085035a3053a214ffb0102c1d6cbd1aa7606fb5c744c6aff3a54f3c6d63f
SSDEEP

6144:d/KXjE22jicP5iOo2T8VrSd/sUAOx2l2TYb1Sa:diXHqiG59ouH2kYb1Sa

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  g2204807.exe
- Size
  
  236KB
- MD5
  
  bd7db8b543d1b8d37a380bace855e6f1
- SHA1
  
  6bb4a5230f3038cfc4414e36175e399df0123568
- SHA256
  
  85c512fbf6bdc46b301a7fca81c9d0b9c420ba21078befeec31d6061b7c1590b
- SHA512
  
  bd3d7ddfdefbb677e43fcc87b00f265c9a0cade8aa2f39d40eedb272586e2291c28d085035a3053a214ffb0102c1d6cbd1aa7606fb5c744c6aff3a54f3c6d63f
- SSDEEP
  
  6144:d/KXjE22jicP5iOo2T8VrSd/sUAOx2l2TYb1Sa:diXHqiG59ouH2kYb1Sa
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

healerdropperevasiontrojan

behavioral2

healerdropperevasiontrojan