healer | e27ec438e9f44334ee6a73488f07dee064ed7bf2eed371e71425d9462613d461 | Triage

Sharing

General

Target

e27ec438e9f44334ee6a73488f07dee064ed7bf2eed371e71425d9462613d461
Size

1.0MB
Sample

230923-tqkwhagh8v
MD5

ad05132b6c98fc8bf79bcd3ae7f14fb9
SHA1

0d0ea07b5c4aeccad8caa527ad5ed3ea9a56dbb9
SHA256

e27ec438e9f44334ee6a73488f07dee064ed7bf2eed371e71425d9462613d461
SHA512

f5a0fd0743b9bc2a19a11038dd7bb11218f9319d01a48e10417e191ce7aabeca3937737f61ca1c0a97e1b43a5833de7716fd6e309d24f19604f82e3e43bb1fa2
SSDEEP

24576:Ky6eA72Vj8+5eCI2zRiReWjOQYGKW5xL+DGCg:R6eAwj82Iwi8WJOoD

Score

10^/10

healer dropper evasion persistence trojan

Malware Config

Targets

- Target
  
  e27ec438e9f44334ee6a73488f07dee064ed7bf2eed371e71425d9462613d461
- Size
  
  1.0MB
- MD5
  
  ad05132b6c98fc8bf79bcd3ae7f14fb9
- SHA1
  
  0d0ea07b5c4aeccad8caa527ad5ed3ea9a56dbb9
- SHA256
  
  e27ec438e9f44334ee6a73488f07dee064ed7bf2eed371e71425d9462613d461
- SHA512
  
  f5a0fd0743b9bc2a19a11038dd7bb11218f9319d01a48e10417e191ce7aabeca3937737f61ca1c0a97e1b43a5833de7716fd6e309d24f19604f82e3e43bb1fa2
- SSDEEP
  
  24576:Ky6eA72Vj8+5eCI2zRiReWjOQYGKW5xL+DGCg:R6eAwj82Iwi8WJOoD
Score

10^/10

healer dropper evasion persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasionpersistencetrojan