healer | 8da704b287ffc7e0c12eaf9ec4af47e5b8a593cc63d8279a8fdb6c66a87bc801 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8da704b287ffc7e0c12eaf9ec4af47e5b8a593cc63d8279a8fdb6c66a87bc801
Size

1.0MB
Sample

230923-hcprrafd55
MD5

114732a3a17f856e789488c063b194c0
SHA1

aaacadbb90b1784121605fa1c9218242befd98b1
SHA256

8da704b287ffc7e0c12eaf9ec4af47e5b8a593cc63d8279a8fdb6c66a87bc801
SHA512

89d8b0a846ab3c0d73e30606b1db34e52526cacbac335edc1f9557a3f8376e25fae6059cfd1fdd987c5634b06fb01a2c264c8297d386b4cfca5f85402726a9e1
SSDEEP

24576:4ySmuTleH1hngAR0Fro9IrG79onU1KfMqSYdOL/RRQ:/RuTUH1hl0I97sfMcOL/

Score

10^/10

healer dropper evasion persistence trojan

Malware Config

Targets

- Target
  
  8da704b287ffc7e0c12eaf9ec4af47e5b8a593cc63d8279a8fdb6c66a87bc801
- Size
  
  1.0MB
- MD5
  
  114732a3a17f856e789488c063b194c0
- SHA1
  
  aaacadbb90b1784121605fa1c9218242befd98b1
- SHA256
  
  8da704b287ffc7e0c12eaf9ec4af47e5b8a593cc63d8279a8fdb6c66a87bc801
- SHA512
  
  89d8b0a846ab3c0d73e30606b1db34e52526cacbac335edc1f9557a3f8376e25fae6059cfd1fdd987c5634b06fb01a2c264c8297d386b4cfca5f85402726a9e1
- SSDEEP
  
  24576:4ySmuTleH1hngAR0Fro9IrG79onU1KfMqSYdOL/RRQ:/RuTUH1hl0I97sfMcOL/
Score

10^/10

healer dropper evasion persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasionpersistencetrojan