healer | 9fee5ceb2bc7ee8d09715df8d18b155a7fb5290879e9c17630fa857e1147bb26 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9fee5ceb2bc7ee8d09715df8d18b155a7fb5290879e9c17630fa857e1147bb26
Size

1.3MB
Sample

230920-12vneaah5x
MD5

9b573406de7fc18b991176a867ba5b4e
SHA1

656353846deb247f3fa34c58f972f867daa176f4
SHA256

9fee5ceb2bc7ee8d09715df8d18b155a7fb5290879e9c17630fa857e1147bb26
SHA512

2fa1b8c0bdcadd705f94f2c430bd4cd46bc087e84375990cae87b0719110a4bd67de344f66dca0d72ad86d4e6f16cb21697e7ce5726fd4ca35cd262656e6c86c
SSDEEP

24576:byc+ojDdYgx46CoOqHxrOdyMysNzVqiluBFDjvGXJgiKbLFaWUd:Oc+Sx0oOSxrBML8xjvGOPQW

Score

10^/10

healer dropper evasion persistence trojan

Malware Config

Targets

- Target
  
  9fee5ceb2bc7ee8d09715df8d18b155a7fb5290879e9c17630fa857e1147bb26
- Size
  
  1.3MB
- MD5
  
  9b573406de7fc18b991176a867ba5b4e
- SHA1
  
  656353846deb247f3fa34c58f972f867daa176f4
- SHA256
  
  9fee5ceb2bc7ee8d09715df8d18b155a7fb5290879e9c17630fa857e1147bb26
- SHA512
  
  2fa1b8c0bdcadd705f94f2c430bd4cd46bc087e84375990cae87b0719110a4bd67de344f66dca0d72ad86d4e6f16cb21697e7ce5726fd4ca35cd262656e6c86c
- SSDEEP
  
  24576:byc+ojDdYgx46CoOqHxrOdyMysNzVqiluBFDjvGXJgiKbLFaWUd:Oc+Sx0oOSxrBML8xjvGOPQW
Score

10^/10

healer dropper evasion persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasionpersistencetrojan