healer | c1c0227e2777e3fa227a3fc1a957688b1861bc7ae2c4dc3d061c306bc748e004 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c1c0227e2777e3fa227a3fc1a957688b1861bc7ae2c4dc3d061c306bc748e004
Size

1.3MB
Sample

230921-gs192sdg5s
MD5

c49797161e6801d3e3d5a1f54732441b
SHA1

fbaf55973868e7cc0c86e8c11714b5e014f66ebb
SHA256

c1c0227e2777e3fa227a3fc1a957688b1861bc7ae2c4dc3d061c306bc748e004
SHA512

3ab482970fa3a06cf0120e9d317188c254b3d06e00857ece9cb52598574db1ac959358a0ae214b212da51b8802f5fe1d51c332a056f2c3ea3c9b6707af6fc868
SSDEEP

24576:Dy4HWwSljPxPdKJ8Atgcg++aoG3ThTPL7XrKd7eEtXamAEw5P/Szlvaz9a73V9+G:W425l7xcqcglG3FTnbKdeEJlALXSzlED

Score

10^/10

healer dropper evasion persistence trojan

Malware Config

Targets

- Target
  
  c1c0227e2777e3fa227a3fc1a957688b1861bc7ae2c4dc3d061c306bc748e004
- Size
  
  1.3MB
- MD5
  
  c49797161e6801d3e3d5a1f54732441b
- SHA1
  
  fbaf55973868e7cc0c86e8c11714b5e014f66ebb
- SHA256
  
  c1c0227e2777e3fa227a3fc1a957688b1861bc7ae2c4dc3d061c306bc748e004
- SHA512
  
  3ab482970fa3a06cf0120e9d317188c254b3d06e00857ece9cb52598574db1ac959358a0ae214b212da51b8802f5fe1d51c332a056f2c3ea3c9b6707af6fc868
- SSDEEP
  
  24576:Dy4HWwSljPxPdKJ8Atgcg++aoG3ThTPL7XrKd7eEtXamAEw5P/Szlvaz9a73V9+G:W425l7xcqcglG3FTnbKdeEJlALXSzlED
Score

10^/10

healer dropper evasion persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasionpersistencetrojan