Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b2e9f1961068c7fa8e41dd3ae72f8cad15d68078a268f275cc634530c08f25a9

  • Size

    1MB

  • Sample

    230919-hwtj2she68

  • MD5

    7b3f9e2b1568b23496a3536e7cb1749d

  • SHA1

    47e2caa7f62a2ce95193aee0b4b0b0c9b9bc973c

  • SHA256

    b2e9f1961068c7fa8e41dd3ae72f8cad15d68078a268f275cc634530c08f25a9

  • SHA512

    e7ff30c52733441691caaacf7c939e9a5802b1bc018ca553c03ce608e4306e9cf63e0df6344cda4efa600a91f12706c7c7c4d8b85c848e64721bd19a2effa3c6

  • SSDEEP

    24576:jiyM5edpbbLZ8gSNiKsFiNDh8h3xaf+Uhnc41B1lCjxHiQghxVB1XQWus:A5+vWoq8h3xI+cc04H4T31XQWus

Score
10/10
healerdropperevasionpersistencetrojan

Malware Config

Targets

    • Target

      b2e9f1961068c7fa8e41dd3ae72f8cad15d68078a268f275cc634530c08f25a9

    • Size

      1MB

    • MD5

      7b3f9e2b1568b23496a3536e7cb1749d

    • SHA1

      47e2caa7f62a2ce95193aee0b4b0b0c9b9bc973c

    • SHA256

      b2e9f1961068c7fa8e41dd3ae72f8cad15d68078a268f275cc634530c08f25a9

    • SHA512

      e7ff30c52733441691caaacf7c939e9a5802b1bc018ca553c03ce608e4306e9cf63e0df6344cda4efa600a91f12706c7c7c4d8b85c848e64721bd19a2effa3c6

    • SSDEEP

      24576:jiyM5edpbbLZ8gSNiKsFiNDh8h3xaf+Uhnc41B1lCjxHiQghxVB1XQWus:A5+vWoq8h3xI+cc04H4T31XQWus

    Score
    10/10
    healerdropperevasionpersistencetrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

2
T1112

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks