healer | e32147775057d02e266598c08c8915bcf2b65599af1750f7505a9f26718139d7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

x7249290.exe
Size

651KB
Sample

230920-ezvpqsgb65
MD5

ca7a6c546268d7073f3d498e6b17ce18
SHA1

9df96bbca7e7fb3859ebb8912fd930a35f028c3c
SHA256

e32147775057d02e266598c08c8915bcf2b65599af1750f7505a9f26718139d7
SHA512

bc6a2c4b9197017b0b02589f06250fa8d3ade54a74b4ba43b3717c7cfecbddce0d58af8da2df692c04de32e9faca2c6cae5003b6d3104f7d659f0f2e43fb7017
SSDEEP

12288:7Mrgy90eHpatLIQnqsyfZKaAn56kn0H4MhdZylbh+32qx//a5hu:fymtLIwKsaC6rY+Zy9h+3k7u

Score

10^/10

healer dropper evasion persistence trojan

Malware Config

Targets

- Target
  
  x7249290.exe
- Size
  
  651KB
- MD5
  
  ca7a6c546268d7073f3d498e6b17ce18
- SHA1
  
  9df96bbca7e7fb3859ebb8912fd930a35f028c3c
- SHA256
  
  e32147775057d02e266598c08c8915bcf2b65599af1750f7505a9f26718139d7
- SHA512
  
  bc6a2c4b9197017b0b02589f06250fa8d3ade54a74b4ba43b3717c7cfecbddce0d58af8da2df692c04de32e9faca2c6cae5003b6d3104f7d659f0f2e43fb7017
- SSDEEP
  
  12288:7Mrgy90eHpatLIQnqsyfZKaAn56kn0H4MhdZylbh+32qx//a5hu:fymtLIwKsaC6rY+Zy9h+3k7u
Score

10^/10

healer dropper evasion persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasionpersistencetrojan

behavioral2

healerdropperevasionpersistencetrojan